With many businesses having their employees working remotely / online during the pandemic, companies must be aware of the myriad of new cyber security issues and threats - especially as employees work from non-secured personal computers.
In this episode, I will be speaking with Sean O'Rourke, Cyber Security Consultant and CFO of Combs & Company. Sean will be identifying the unique cyber security risks that companies face during COVID-19, as well as some solutions to these challenges.
I will further explore the liability component from an employment law perspective.
Tune in for this informative conversation at TalkRadio.nyc or watch the Facebook Livestream.
Eric introduces the show's guest, Sean O'Rourke. Sean begins the conversation by talking about common cyber-liability issues that businesses faced pre-COVID-19. He lists several types and examples of how business owners have fallen victim to organized cybercrime and how these problems have been exacerbated by the pandemic. Sean also describes what businesses can do to prepare for these cyberattacks and draws a line between what should be handled by the IT department and what should be handled by the owners themselves.
Sean describes hesitations that businesses sometimes have when facing a cyberattack and why business owners should take initiative in these situations and not wait to take action. He also explains why technical departments are sometimes ill-equipped to handle these situations. The conversation goes towards the money behind cyber protection and why the risk is worth it when it comes to cyber security against ransomware.
The conversation continues with the average amount that a small business would pay for data decryption after a ransomware attack. Sean also talks about the growing danger of ransomware and the utilities that come with cyber-insurance that can help cover fees from data decryption.
Sean talks about the details behind a cyber-insurance policy and how the process works for independent businesses. Sean then shifts the discussion towards his own company, Combs & Company, and explains the functions of the business as well as his specific job title as a Cyber Security Consultant. Sean closes the show by giving out his contact information and his website for listeners.
00:00:40.710 --> 00:00:48.360 Eric Sarver: Good evening. Welcome to Employment Law Today. This is episode two of my weekly talk radio show.
00:00:48.720 --> 00:00:59.250 Eric Sarver: I'm Eric Sarver, employment law and business law attorney and founder of the Law Offices of Eric Sarver, and I'm here today with my guest, colleague and friend of mine,
00:00:59.880 --> 00:01:07.380 Eric Sarver: Sean O'Rourke. Sean is a cyber liability consultant and CFO of Combs & Company.
00:01:07.950 --> 00:01:15.270 Eric Sarver: And before I introduce Sean, I thought I would just recap a bit of a summary of this show, of what Employment Law Today is all about.
00:01:16.200 --> 00:01:27.900 Eric Sarver: And the topic of the show each week has to do with business owners who are facing some of the often overwhelming employment law and labor law challenges that come with
00:01:28.230 --> 00:01:38.820 Eric Sarver: running a small business, and these challenges have been only magnified with the COVID-19 pandemic in place and then the reopenings and closings and
00:01:39.510 --> 00:01:49.140 Eric Sarver: Traditions, and so forth. So on our weekly show we have guest speakers and we have three main goals of the show. One is to inform you, the business owner,
00:01:49.410 --> 00:01:59.400 Eric Sarver: About employment law updates, and so I'll be starting a segment where I'll have top of the hour news articles regarding ADA compliance or
00:02:00.000 --> 00:02:09.900 Eric Sarver: Paid Family Leave as related to the coronavirus, the Families First Coronavirus Response Act and topics of that nature, and the second goal of this
00:02:10.530 --> 00:02:21.900 Eric Sarver: Podcast slash radio show is to inspire businesses to take healthy risks to get information so that you can safely navigate this pandemic.
00:02:22.320 --> 00:02:32.910 Eric Sarver: And go about navigating all the employment labor laws that you may be shopping with and lastly we'll be having featured guests are business owners who have managed to successfully.
00:02:33.780 --> 00:02:49.080 Eric Sarver: Go through this pandemic and we'll talk to them about what they've discovered and what helps them to get through each day and follow the different labor laws that are coming their way. So with that, I'd like to give a warm welcome to you, Sean. Welcome to the show. It's good to have you.
00:02:49.440 --> 00:02:53.400 Sean O'Rourke: Thank you very much, Eric. Good to be here. And thanks again for inviting me.
00:02:53.940 --> 00:03:02.490 Eric Sarver: Oh, my pleasure. You're welcome. I'd like to just read a brief summary about you. If I may just to introduce you a little bit to our guests.
00:03:03.600 --> 00:03:07.020 Eric Sarver: So our guest tonight. As I mentioned, Sean right here. Sean O'Rourke
00:03:07.920 --> 00:03:17.130 Eric Sarver: Cyber liability consultant and CFO of Combs & Company, a company which provides comprehensive insurance coverage and benefits, including
00:03:17.670 --> 00:03:27.240 Eric Sarver: Cyber liability insurance to businesses and individuals alike, and Sean has an interesting background. I met Sean through some various networking circles.
00:03:27.540 --> 00:03:36.930 Eric Sarver: In fact, we were just speaking about three hours ago on a webinar together. So it's a, like a Sean Eric day today. Yeah. And Sean actually in 2004
00:03:37.530 --> 00:03:49.410 Eric Sarver: Founded his own technology solutions and consulting firm. So we have a tech-based background as well as a business-based background. And both of these go into his work as a cyber liability consultant.
00:03:49.890 --> 00:04:02.130 Eric Sarver: And so, Sean sees his role as twofold. First is to minimize the damage that's done to small and mid-sized businesses, usually one to 300 employees. So many of you out there watching tonight.
00:04:02.670 --> 00:04:21.000 Eric Sarver: And then the second, and that's after a cyber event. And then the second aspect of Sean's work is to implement proactive protocols to limit a company's exposure in three areas: operations, legal and reputation. So I hope I did justice there, Sean, in my intro, but that
00:04:21.060 --> 00:04:22.530 Sean O'Rourke: Seems it's not by works for me.
00:04:22.980 --> 00:04:33.540 Eric Sarver: Okay, great. So I thought I might jump in with a question or two. Um, I was wondering, Sean, if you can maybe compare and contrast for our viewers and listeners tonight
00:04:33.990 --> 00:04:47.370 Eric Sarver: Some of the pre- and post-COVID-19 issues around cyber liability. Like, for example, I wonder, what are some of the most common cyber liability issues that businesses faced prior to
00:04:51.030 --> 00:04:56.790 Sean O'Rourke: Well, I mean, some of them, they're the exact same things that they're facing post-COVID-
00:04:57.420 --> 00:05:06.510 Sean O'Rourke: 19, and that would be obviously ransomware attacks, and for those who aren't familiar, ransomware attacks are essentially
00:05:07.530 --> 00:05:25.230 Sean O'Rourke: malware or virus gets inside your system. And what it does is it encrypts your data and then somebody basically pops a screen up on your, your computer and says, You owe me X number of dollars in bitcoin and I'll send you the unencryption key.
00:05:26.280 --> 00:05:40.350 Sean O'Rourke: That has been a a boon business for for years and had been steadily increasing over the years and then just like a hockey stick. If you were looking at a chart.
00:05:41.520 --> 00:05:55.410 Sean O'Rourke: Come the end of March, beginning of April of 2020. I mean, it's just zoomed almost vertically in terms of the number of ransomware attacks and that's really because
00:05:56.520 --> 00:06:09.960 Sean O'Rourke: cybercrime has become basically organized crime or whether it's organized by a nation state whether it's organized by a criminal element or whether it's an organized group that are basically guns for hire.
00:06:10.410 --> 00:06:24.960 Sean O'Rourke: And you just hire them and you say, I want Eric's Social Security number, and then they figure out a way to get it, or I want a million bucks and they figure out a way to get it. So that's really, that has been
00:06:26.430 --> 00:06:39.510 Sean O'Rourke: Been a reality for a number of years, and COVID just exacerbated it. One of the other areas that COVID really exacerbated is phishing or business email compromise
00:06:39.690 --> 00:06:50.880 Sean O'Rourke: Fraud where they essentially either compromise a legitimate email account or they create an account that looks legitimate.
00:06:51.120 --> 00:06:57.810 Sean O'Rourke: And they send you an email in the hopes that you will fall for the bait. That's why they call it fishing, but with a "ph".
00:06:59.160 --> 00:07:19.140 Sean O'Rourke: And in so doing, you may do any number of things that will either give them access to systems that you have and then data that you have or will actually transfer money or something of value to them thinking that you're sending it to the legitimate entity.
00:07:20.220 --> 00:07:25.500 Sean O'Rourke: A perfect example of this is somebody sends you an invoice and says,
00:07:25.980 --> 00:07:33.330 Sean O'Rourke: Hey, Eric, we're your printing company and you just printed up 1000 fliers. And here's your invoice.
00:07:33.630 --> 00:07:44.190 Sean O'Rourke: Oh, by the way, we have a new bank account. And we're only accepting wires or ACH transfers. So here's the information. Well, it's not really from your printing company. They either compromised
00:07:44.670 --> 00:07:51.630 Sean O'Rourke: The printing company's email account and found that invoice and sent it to you and then just changed the banking info,
00:07:52.350 --> 00:08:00.690 Sean O'Rourke: Or they created something and they're phishing for you, and then you really didn't print anything, so you know to automatically delete it, or you really did,
00:08:01.440 --> 00:08:12.000 Sean O'Rourke: But you're not sure with whom. Believe it or not, those situations do arise. So those elements were pre- and post-COVID. Post-COVID, they've just been intensified
00:08:14.850 --> 00:08:21.750 Sean O'Rourke: Because of something that we'll talk about in terms of post-COVID, which is the new distributed workforce
00:08:22.290 --> 00:08:22.830 Scenario.
00:08:23.970 --> 00:08:32.010 Eric Sarver: It's interesting because I can see some of the potential factors, sort of the perfect storm that must have been brewing when COVID hit for
00:08:32.340 --> 00:08:45.450 Eric Sarver: anyone involved with cyber attacks and ransomware, with phishing emails as you stated. Interesting also to know why they spell it p-h-i-s-h-i-n-g is, I guess, indicative of how it's just one off and fishing the way
00:08:46.200 --> 00:08:46.710 Eric Sarver: Man, I've
00:08:47.040 --> 00:08:48.780 Eric Sarver: Seen letter I.
00:08:48.840 --> 00:09:02.430 Sean O'Rourke: To be perfectly honest, I've never questioned it. I just saw fishing and at that point I was, I was so involved in the day to day of it. I never bothered to find out. So, you know what, maybe they'll do some research. After this, and I'll send you an update.
00:09:03.120 --> 00:09:08.010 Eric Sarver: Could we have like a Trivial Pursuit. And I know it's good to know that information, but um. But in all seriousness,
00:09:08.580 --> 00:09:12.120 Eric Sarver: I know this can be a very serious issue for small businesses and I can see how
00:09:13.020 --> 00:09:17.670 Eric Sarver: The combination of number one. You've got, like you said, distributed workforce people working
00:09:18.090 --> 00:09:29.910 Eric Sarver: Remotely from home. People working from maybe perhaps unsecured laptops or iPads, and their attention, I imagine, somewhat distracted and diverted a bit, right, because you've got
00:09:30.270 --> 00:09:43.260 Eric Sarver: Some folks who have maybe their two or three children at home, young kids are being homeschooled on Zoom, or you've got a husband and wife maybe or two partners who are working at the same small space and so
00:09:43.830 --> 00:09:54.690 Eric Sarver: I think people plus people's nerves that kind of frame and we're a little bit stretched to the end. These days, and so we might not be as sharp. If it's an email comes in an email has one letter off.
00:09:55.860 --> 00:10:06.300 Eric Sarver: I've often whenever I get an email. I usually check whom it's from. And especially if it has to do with money or request for it. And I often do notice that one letters off or there's a period somewhere.
00:10:06.660 --> 00:10:13.860 Eric Sarver: But I can definitely see how that trend would would only escalate it sounds like once a company is
00:10:14.460 --> 00:10:22.050 Eric Sarver: And once a company, let's say has taken the bait and either they've opened a phishing email. They've been
00:10:22.560 --> 00:10:32.580 Eric Sarver: Hooked in that regard. And that way, in that regard, or let's say they've had the ransomware attack and someone is demanding a hostage situation can be minute with information.
00:10:33.030 --> 00:10:41.070 Eric Sarver: Company might have, or it could be a law firm, for example, with the duty to protect confidential files, looking at some very serious violations. It could be
00:10:41.400 --> 00:10:50.580 Eric Sarver: A medical office where HIPAA information is on the line and compromised and is there, what is there are coming back from that scenario would
00:10:51.600 --> 00:10:52.740 Eric Sarver: Have just kind of texting.
00:10:52.740 --> 00:10:54.150 Sean O'Rourke: Or yeah, what
00:10:54.390 --> 00:10:55.230 Sean O'Rourke: My. Yeah, you could
00:10:55.410 --> 00:11:02.070 Sean O'Rourke: You could recover from that scenario, but it's all dependent on what you do before that happens to you, it's like
00:11:03.300 --> 00:11:03.750 Sean O'Rourke: Yeah.
00:11:05.430 --> 00:11:20.340 Sean O'Rourke: It's what I do now for a living. I'm not taking care of people's IT infrastructure or their security infrastructure, essentially, working with the business side of the house, let them know that this is a business issue. Now this is not an IT issue.
00:11:21.090 --> 00:11:22.830 Sean O'Rourke: Your IT portion of it,
00:11:24.030 --> 00:11:42.840 Sean O'Rourke: I won't say takes care of itself. But the IT field has become aware of what is happening and how to respond to it. So when I go and I talked to a business owner or CFO or somebody else who's in charge of cyber from a business side.
00:11:43.500 --> 00:11:45.510 Sean O'Rourke: Noise like well the cyber
00:11:45.690 --> 00:11:54.030 Sean O'Rourke: The cyber response is the IT problem, and I have to educate them on the fact that
00:11:54.630 --> 00:12:03.120 Sean O'Rourke: No, it's not really the IT problem, because the real damage is done when the business side of the house is not prepared to respond
00:12:03.720 --> 00:12:15.720 Sean O'Rourke: To the inevitable, which is having a cyber incident, I can guarantee you if you're in business long enough and you keep enough machines or devices connected to the Internet, you're going to have a cyber attack.
00:12:16.860 --> 00:12:24.150 Sean O'Rourke: There's a very famous quote you can't defend you can't protect all you can do is prepare and respond
00:12:26.250 --> 00:12:37.380 Sean O'Rourke: And so I paraphrase that I know it's not the actual quote, but that's the paraphrasing. So what I do now is I work with the business side to prepare them to respond.
00:12:37.890 --> 00:12:52.260 Sean O'Rourke: And it comes to the areas that you mentioned, it's a, there's an acronym that's developed lately called ROLF, R-O-L-F, and that stands for reputation, operations, legal and financial.
00:12:52.710 --> 00:13:00.480 Sean O'Rourke: Those are the four areas that are chiefly impacted by a cyber event and what you do as a business person,
00:13:01.170 --> 00:13:13.560 Sean O'Rourke: Whether you're a solopreneur or you have 300 employees, what you do ahead of time will dictate how painful and how hard it is to recover from a cyber incident and
00:13:14.370 --> 00:13:31.710 Sean O'Rourke: I hearken back to Equifax. Equifax is my number one go-to, because it's the one everybody remembers. Yep. And all you have to do is look at how poorly the business side responded to understand why. At this point, I mean,
00:13:32.670 --> 00:13:41.610 Sean O'Rourke: Their cost of this is in the billions, and I wouldn't be surprised if it's in the tens of billions of dollars. And that's real money
00:13:42.570 --> 00:13:50.190 Sean O'Rourke: In lost sales, fines that you had to pay, settlement costs you had to pay, expenses you had to pay to rebuild your reputation.
00:13:50.580 --> 00:14:09.930 Sean O'Rourke: Three. Look, you see Experian all over the place. You still see TransUnion all over the place. You don't see much advertising out of Equifax. Equifax has kind of run silent, run deep and tried to build business that way without necessarily exposing themselves to the general public.
00:14:11.310 --> 00:14:22.320 Eric Sarver: Is interesting point, Sean. I think one area that you and I have a commonality, or one aspect of our practices that is similar, is that the proactive measures is so key. And if you take those
00:14:22.770 --> 00:14:32.790 Eric Sarver: It can really lessen, soften the blow, the pain, whether it's taking proactive measures to avoid a site or to respond, I should say, right, prepare and respond to a cyber attack.
00:14:33.180 --> 00:14:41.310 Eric Sarver: Or whether it's taking proactive measures say sending up the homework for us that complies with the employment labor laws so that you're not hit with a giant overtime class action suit.
00:14:41.730 --> 00:14:48.360 Eric Sarver: Yeah, and I assume we've got about a minute or less than a minute to commercial break. But when we come back, maybe we can just take up a little
00:14:49.200 --> 00:14:59.100 Eric Sarver: Chat talk about some of those practice measures and maybe even weigh the costs so we can see what exactly if one truly is being
00:14:59.490 --> 00:15:12.960 Eric Sarver: penny wise and pound foolish when they're not taking on cyber liability and not taking it seriously and then how are they protected themselves and what kind of profit but they protect if they are taking this seriously so true.
00:15:12.960 --> 00:15:22.290 Eric Sarver: I think it's a great jumping off point after the break. We'll be back after this commercial break. Folks that ground Employment Law Today right here on TalkRadio.nyc.
00:17:39.900 --> 00:17:47.700 Eric Sarver: Welcome back everybody. I'm here, like I mentioned, with Sean O'Rourke, cyber liability consultant and CFO of Combs & Company.
00:17:48.090 --> 00:17:55.080 Eric Sarver: And for those who may be joining us late, Sean and I were having a conversation about some of the cyber
00:17:55.470 --> 00:18:04.020 Eric Sarver: liability issues and cyber security issues that have been happening and escalating, on the rise, during the COVID-19 pandemic. We talked a little bit about
00:18:04.740 --> 00:18:12.720 Eric Sarver: phishing email scams and ransomware attacks. And as I mentioned, these are not new, necessarily, they're not
00:18:13.230 --> 00:18:25.560 Eric Sarver: Stemming were born before COVID-19, but they're on the rise with the pandemic. We talked a bit about that, some of the causes: people working from home, people working remotely, people have their attention diverted.
00:18:26.580 --> 00:18:32.880 Eric Sarver: I think a lot of cyber security or other subject matter experts know this. And I think a lot of cyber criminals know this as well.
00:18:33.390 --> 00:18:42.300 Eric Sarver: I think we really left off an interesting point before the break about I asked if there was some proactive measures that a business can take and
00:18:42.840 --> 00:18:53.190 Eric Sarver: What I found in my I've been practicing employment law about 21 plus years by now. And it seems that a lot of times the business will
00:18:53.760 --> 00:19:00.300 Eric Sarver: Wait on something that they know they should do. They know maybe that a proactive measure is important. It's important to have, for example,
00:19:00.780 --> 00:19:10.560 Eric Sarver: Your employment contracts looked at in advance, it's important to have somebody go over. Let's say you're right, your hourly employees and your unpaid and you're over time and unpaid interns.
00:19:10.950 --> 00:19:20.070 Eric Sarver: To make sure that you're doing it correctly. Because if you're not doing that correctly. And you get caught by the Department of Labor, or you get sued. It's a much larger heading.
00:19:20.880 --> 00:19:34.380 Eric Sarver: I guess what I wondered Sean is before talking about, let's say some of those proactive measures that I'd love to get into with you in the cyber liability world. What are some of the obstacles, you've seen
00:19:34.740 --> 00:19:43.620 Eric Sarver: Or hesitations you've seen, let's say from small business owners that you've spoken with, you know, you go to them and you are maybe talking about is the the cyber
00:19:44.010 --> 00:19:56.250 Eric Sarver: Security Policy, we have and this is what steps to take. And how much of a cost and what are some of the, I don't know hesitation type of moments that you've experienced, maybe you can share with us well.
00:19:57.210 --> 00:19:58.110 Sean O'Rourke: There's a lot
00:19:59.010 --> 00:20:00.210 Eric Sarver: Of times we have right yeah
00:20:00.210 --> 00:20:04.290 Sean O'Rourke: Exactly, yeah. We'll have to have a part to scour
00:20:04.320 --> 00:20:06.180 Eric Sarver: For that's how it should be fine. Maybe
00:20:06.810 --> 00:20:09.510 Sean O'Rourke: So obviously the first and foremost is
00:20:09.540 --> 00:20:10.050 The money.
00:20:11.550 --> 00:20:26.040 Sean O'Rourke: Everybody looks at technology as a cost center when they don't realize that their entire business now runs on technology, whether it's digital communication e commerce shipping digital data.
00:20:27.150 --> 00:20:36.900 Sean O'Rourke: It doesn't matter runs on technology doesn't necessarily means it runs by or you do business by technology, but it runs on technology.
00:20:37.260 --> 00:20:47.730 Sean O'Rourke: And they don't really conceive of the disruption that would be caused if that technology was suddenly cut off for one reason or another.
00:20:48.450 --> 00:20:59.790 Sean O'Rourke: It could be for nefarious reasons. Or it could just be bad luck. And so they don't really get the concept of why this is a business problem and not a technology problem.
00:21:00.240 --> 00:21:12.990 Sean O'Rourke: The end. So it always comes down to money. The second one is it again. Education is not the right word, but it's the word I'm going to use. It's the education of the fact that
00:21:13.710 --> 00:21:25.500 Sean O'Rourke: There are now laws out there, state laws. Yes. In all 50 states, and California, New York have their own. South Carolina has a special one for insurance industry.
00:21:27.120 --> 00:21:40.740 Sean O'Rourke: Nevada has its, its own sort of cyber laws and whatnot, and every other state is looking at these for potential passage in 2021 2022
00:21:41.430 --> 00:21:46.830 Sean O'Rourke: And so they don't realize what they are on the hook for should they have a cyber event.
00:21:47.340 --> 00:21:55.560 Sean O'Rourke: And so that's why I say the business response or the lack of preparation on the business side is really what's ends up being costly.
00:21:55.950 --> 00:22:06.990 Sean O'Rourke: Because then you have regulators knocking at your door, and then you have plaintiffs attorneys from the people whose data or systems were compromised because of your breach or incident.
00:22:07.590 --> 00:22:18.300 Sean O'Rourke: And they're knocking on your door and they're saying you're responsible for this and now all of a sudden, everybody's like, Well, I didn't know that. Well, ignorance is, as you know, is not a defense.
00:22:18.330 --> 00:22:19.830 Sean O'Rourke: In a court of law, so
00:22:20.250 --> 00:22:21.270 Sean O'Rourke: Even in civil court.
00:22:22.620 --> 00:22:40.380 Sean O'Rourke: And then the third one is inertia. They just, it takes work and they just don't want to do the work. They have other things going on. They need to run the business, especially now with COVID disrupting so much.
00:22:41.520 --> 00:22:49.020 Sean O'Rourke: They're just looking at it. They're like, you know what, when I can get to it. I'll get to it and they never get to it. It's
00:22:49.500 --> 00:22:58.200 Sean O'Rourke: One of those items that keeps getting pushed down the to do list. And it's not an item that will that will wait for you.
00:22:59.130 --> 00:23:13.050 Sean O'Rourke: People out there are, whether they get you by chance or whether they get you on purpose. They're going to get you and you are in their crosshairs you're never too small. And you never and you don't have
00:23:14.250 --> 00:23:21.150 Sean O'Rourke: The protection of saying. Nobody's interested in what I have. They don't care I send out 10 million emails a day.
00:23:21.600 --> 00:23:23.040 Sean O'Rourke: And you receive five of them.
00:23:24.360 --> 00:23:30.960 Sean O'Rourke: They send out 100 emails of them and you receive 50 of them. They don't care. They don't know who you are. They're just
00:23:31.560 --> 00:23:34.170 Sean O'Rourke: They're just out there, phishing, as I said, and they'll
00:23:34.200 --> 00:23:43.800 Eric Sarver: Take one thing that often it's, it's something they do en masse. It's sort of a mass approach of just trying to get as many people as possible on the hook.
00:23:44.160 --> 00:23:53.400 Eric Sarver: And see who may respond. You might have a lot of data information. I'm glad you mentioned that. And you know it's interesting, Sean, because those three
00:23:53.880 --> 00:24:02.550 Eric Sarver: Let's say obstacle, shall we say, are those those stalling points that where people stall out said, say for example, business owners that are listening tonight.
00:24:03.030 --> 00:24:13.500 Eric Sarver: To this broadcast, whether they're on Facebook Live, TalkRadio.nyc, whether they're listening to the audio recording later. I think that a lot of businesses can identify with those three things. That's the money,
00:24:14.100 --> 00:24:22.140 Eric Sarver: And the education, lack of education they lack the true knowledge of what's at stake, and then the inertia and I've always seen those three I very much
00:24:22.620 --> 00:24:30.480 Eric Sarver: They're interconnected. They're linked and they play into one another. So it's sort of, to me, it seems, if a business lacks the education,
00:24:30.810 --> 00:24:36.840 Eric Sarver: The knowledge of what's at stake truly if they don't know for example that you're right, all these different states have passed now.
00:24:37.320 --> 00:24:48.420 Eric Sarver: laws regarding the company's obligation for protection of data and privacy and data protection. There's also, of course, many laws modeled after the European the GDPR type of rules.
00:24:49.350 --> 00:24:56.250 Eric Sarver: So if the business doesn't know exactly what they're on the hook for if something goes awry and
00:24:56.700 --> 00:25:03.360 Eric Sarver: Then the inertia kicks in, because they don't really see how serious the problem is, and once the inertia kicks in, then
00:25:04.170 --> 00:25:12.030 Eric Sarver: They look at what it has to be done and then they start to see how much is going to cost them, or the cost contributes to the feeling of inertia, like, oh, it's going to be
00:25:12.480 --> 00:25:20.970 Eric Sarver: An expensive proposition, but I do see that a lot with employment law as well. And I think that brochure during sure I think during COVID
00:25:21.450 --> 00:25:33.270 Eric Sarver: You know, think people listening tonight. This broadcast. If there's any takeaways around employment live and shuts them is that you know your employees. Many of them are working remotely. Many are that say on unsecured
00:25:34.020 --> 00:25:42.060 Eric Sarver: Laptop or not in the office where something looks funny they can bring up to the IT departments, you know, eyes are from and they're
00:25:42.570 --> 00:25:44.010 Sean O'Rourke: Not give you an example.
00:25:44.070 --> 00:25:44.310 Sean O'Rourke: Yeah.
00:25:45.120 --> 00:25:47.130 Sean O'Rourke: That works very well in your world.
00:25:48.420 --> 00:25:51.570 Sean O'Rourke: Sense, the remoteness of
00:25:52.800 --> 00:25:54.150 Sean O'Rourke: The COVID response.
00:25:55.350 --> 00:26:13.350 Sean O'Rourke: In terms of a workforce, to your point, an IT department, whether it's internal or whether it's a gun for hire, like my old firm was an outsourced CTO, essentially, they don't have insights into the home setup and usually
00:26:14.580 --> 00:26:20.400 Sean O'Rourke: You know, how does a company make a request that you don't let your kids on your Wi-Fi when you're working
00:26:21.030 --> 00:26:23.250 Sean O'Rourke: Because you don't know what your kids are downloading
00:26:24.450 --> 00:26:34.470 Sean O'Rourke: How do you make a request that they don't use their own laptop, because you don't know what's on the laptop or who else uses the laptop.
00:26:35.550 --> 00:26:52.650 Sean O'Rourke: And how do you make a request that, okay, well, let IT at least get in on the laptop, create a different account that they can further secure and monitor, and then an employee turns around and says, well, but wait, this is my personal laptop. My family's on here. If you can
00:26:52.650 --> 00:26:53.280 Sean O'Rourke: Monitor.
00:26:53.820 --> 00:26:57.480 Sean O'Rourke: My laptop, you can see everything that everybody's doing. I don't want that.
00:26:58.410 --> 00:27:13.320 Sean O'Rourke: The company is looking at it as well, guess what, if you're on your laptop and you're working and that laptop was compromised. We're on the hook for all the client data that gets compromised via your laptop.
00:27:13.770 --> 00:27:22.470 Sean O'Rourke: So why shouldn't we want to be able to monitor and control what you're doing. And I think that's a discussion.
00:27:22.950 --> 00:27:37.740 Sean O'Rourke: That one hasn't gotten a lot of attention because it's a nuanced discussion, but it's conversations that are happening all over the United States. And I'm pretty sure the world when it comes to companies having employees work from home.
00:27:38.760 --> 00:27:57.420 Sean O'Rourke: And it's, you know, you're better versed in the law. I only play a lawyer on these Zoom calls. So I don't know all the ins and outs, but I do know there are legal limits to what you can request at home or for employees working at home, even in the age of COVID.
00:27:58.590 --> 00:28:02.010 Sean O'Rourke: And while this won't be a permanent deal, I don't think,
00:28:03.090 --> 00:28:08.250 Sean O'Rourke: There's a lot of damage that can be done between now and everybody coming back to the office.
00:28:09.120 --> 00:28:19.380 Eric Sarver: And they read my mind, Sean, I was thinking about that in terms of companies where I update their employee handbooks and employee manuals and I usually have them. I recommend they implement the social media policy and also a
00:28:19.710 --> 00:28:21.840 Eric Sarver: Policy around the laptops that they use.
00:28:22.080 --> 00:28:31.590 Eric Sarver: Whereas if they're at work and they're working from a work laptop, they don't go on to other sites that may be non-secure sites or compromised, and usually pre-COVID, when everyone
00:28:32.100 --> 00:28:40.980 Eric Sarver: With most of the time come into the office, maybe some folks might work from home on Fridays, one day a week, to save on the commute, but for the most part people were coming in.
00:28:41.280 --> 00:28:48.810 Eric Sarver: The company could say, hey, these are right standard issue computers. Here you go. You know, people come into the cubicle their desk and they log on.
00:28:49.290 --> 00:28:57.060 Eric Sarver: And in terms of liability as an attorney, I could say that as an employer. And if you're wondering about this you, you do have a right
00:28:57.450 --> 00:29:11.040 Eric Sarver: To request that your employees use this true laptop and now it gets tricky. If it's their own private property and you're saying to them. Don't let your kids a husband on the computer or your wife or your child.
00:29:11.490 --> 00:29:20.550 Eric Sarver: And it's something that you know the purchase that they brought they bought rather they went into the store even using the laptop, you didn't pay for it or you therefore they technically
00:29:21.090 --> 00:29:31.470 Eric Sarver: Under the auspice of working during that time, because let's say you're basically setting restrictions and limitations on what they can and can't do,
00:29:31.980 --> 00:29:43.320 Eric Sarver: And that might be considered hours on the clock. So if you tell them, you know, hey, I don't care if it's 7pm 9pm you work nine to five, but you cannot go on these sites or you cannot
00:29:44.130 --> 00:29:51.840 Eric Sarver: Use your computer in this way. It's almost as if you were to send somebody an email requesting information seconds that gets into a whole
00:29:52.410 --> 00:30:00.720 Eric Sarver: Whole other issue for another time routes. But what I love to talk about with you as well. And this is that you mentioned the money and
00:30:01.170 --> 00:30:04.980 Eric Sarver: In terms of helping our viewers or listeners to overcome some of the stumbling blocks.
00:30:05.520 --> 00:30:09.570 Eric Sarver: I found them. And people really look at these things like money inertia education.
00:30:09.960 --> 00:30:18.600 Eric Sarver: What they're surprised that what they thought the case was and what was really reality. So maybe I don't we have a break coming up again the commercial, but I know that
00:30:19.380 --> 00:30:25.140 Eric Sarver: I've seen when I talk to potential clients and they'll guide you compliance practice measures.
00:30:25.500 --> 00:30:32.310 Eric Sarver: How much is it going to cost me. I tell them you know what a cost, but then talking about how much things might cause that say if they
00:30:32.760 --> 00:30:40.590 Eric Sarver: Make a mistake, don't comply with the law. And let's say that being sued for, as we discussed earlier today in a webinar, a non-ADA-compliant website or
00:30:40.860 --> 00:30:49.620 Eric Sarver: Anything near the penalty or $75,000 for case goes to court. So how much it costs to make that compliance. So I would just be curious to hear
00:30:50.040 --> 00:31:00.570 Eric Sarver: Maybe some of the money and maybe ask the rig a good starting point. How about we have a you and I kind of deconstruct some of those stumbling blocks for our viewers and
00:31:00.840 --> 00:31:03.180 Sean O'Rourke: I'll give a teaser to bring everybody back
00:31:03.630 --> 00:31:09.060 Sean O'Rourke: For all my gamers out there. I'll give you a cheat code when you come back.
00:31:10.440 --> 00:31:24.900 Eric Sarver: Cheat code coming up from Sean O'Rourke. I like that to get either. So we're about to take a break. Once again, listening to Employment Law Today. I'm Eric Sarver and Sean O'Rourke. We're here on TalkRadio.nyc. Stick around, back in a moment, folks.
00:33:49.170 --> 00:33:58.740 Eric Sarver: Welcome back to employment law today, Eric. Sorry. Laughs Eric. I'm sorry. I'm here with my guest tonight Mr. Sean O'Rourke
00:33:59.100 --> 00:34:05.400 Eric Sarver: Cyber liability consultant and CFO of Combs & Company, a comprehensive insurance benefits company.
00:34:06.090 --> 00:34:13.170 Eric Sarver: So before the break. We had a nice teaser from Sean when I asked about, we're going to try to deconstruct for our audience tonight.
00:34:13.590 --> 00:34:22.260 Eric Sarver: And I was being a lot of small midsize business owners can be a new business it's opener. As I mentioned, could be a long established company if you're listening tonight.
00:34:22.560 --> 00:34:30.600 Eric Sarver: If if cyber liability issues have been on your back burner of a journalist and you've had the inertia again.
00:34:30.930 --> 00:34:39.540 Eric Sarver: Or if cyber liability on the back burner for you, and you've had maybe an issue of just not knowing exactly what the cyber liability is really all about lack of education.
00:34:39.870 --> 00:34:54.090 Eric Sarver: Of your obligations and or if you thought that maybe cyber liability cyber security and in cyber sounds quote unquote expensive and that may have scared you from taking action.
00:34:54.780 --> 00:35:00.780 Eric Sarver: And you have Sean here with us today, who's an expert in these fields. I thought maybe Sean could deconstruct these
00:35:01.530 --> 00:35:10.380 Eric Sarver: So we talked a little bit about education show I mentioned some of the laws that are out there and some of the liability aspects I can attest as an attorney that
00:35:11.280 --> 00:35:19.320 Eric Sarver: Yes, if there's a major data breach and you had a duty to secure one's data, that person can file lawsuits, and depends upon the
00:35:19.620 --> 00:35:24.900 Eric Sarver: Nature of the data, that can also be a factor, if it's financial data, health insurance, health-related data.
00:35:25.440 --> 00:35:34.620 Eric Sarver: I'd also state that if there's a state law in place that sets a standard that you must comply with and you breach that standard, it makes it that much easier.
00:35:35.010 --> 00:35:44.580 Eric Sarver: Or I should say could make it that much easier for a plaintiff's attorney to hold the business accountable social in terms of the money part
00:35:45.810 --> 00:35:46.650 Eric Sarver: Interesting teacher there.
00:35:48.270 --> 00:35:59.550 Eric Sarver: What, what if we met a butcher scale and on one side of the scale we had the cost of the practice measures solutions that you would say recommend that you do for your clients business owners.
00:36:00.150 --> 00:36:07.980 Eric Sarver: Those are the scale we have to save costs or potential cost center. They can be in a broad range that happens when it comes to
00:36:08.640 --> 00:36:20.010 Eric Sarver: A ransomware attack or a phishing attack where the company was unprepared company was not proactive one of those costs look like to you on two sides of scale. Can you maybe share a bit about that.
00:36:22.650 --> 00:36:26.580 Sean O'Rourke: Well, on the let's use ransomware because right
00:36:26.670 --> 00:36:29.130 Sean O'Rourke: Where Scott pretty definitive numbers.
00:36:29.340 --> 00:36:35.010 Sean O'Rourke: Turn because obviously they're all anybody who's made it public. You know how much they had to pay
00:36:35.820 --> 00:36:37.620 Sean O'Rourke: A small and midsize businesses.
00:36:38.700 --> 00:36:59.700 Sean O'Rourke: And this is a, you know, the scale is not true to form, but small the small the small to mid sized businesses, and I'm talking. I'm talking micro businesses. So under 10 and midsize businesses are probably thinking under 100 people hundred employees.
00:37:00.750 --> 00:37:04.860 Sean O'Rourke: Their average ransomwares are four to five figures.
00:37:05.520 --> 00:37:09.780 Sean O'Rourke: Hmm. So we're talking in the thousands to tens of thousands.
00:37:10.650 --> 00:37:12.840 Sean O'Rourke: Hmm. Thank you.
00:37:13.230 --> 00:37:16.200 Eric Sarver: I'm looking for have to pay to get the data back from them.
00:37:16.260 --> 00:37:23.010 Sean O'Rourke: Out of pocket to get the unencryption key, just to get the data unencrypted, decrypted.
00:37:23.520 --> 00:37:24.900 Sean O'Rourke: Yeah, here's the kicker.
00:37:26.550 --> 00:37:30.690 Sean O'Rourke: This, it started back in '18, '19; '20 has really become
00:37:32.520 --> 00:37:47.220 Sean O'Rourke: It's, it's basically the de facto process now. Ransomware used to be just about encrypting the data. Well, no longer. Ransomware is now about encrypting data and exfiltration. So they're going to copy that data while it's encrypted.
00:37:49.620 --> 00:38:02.700 Sean O'Rourke: Yes, and they're going to take it out and what they do is they demand a ransom for the unencrypted key. And as part of that message that they will say whether up front, or when you come back to either tell them no or to negotiate.
00:38:03.450 --> 00:38:07.650 Sean O'Rourke: They'll come back and they'll tell you. Well, we've taken copies of all your data.
00:38:08.010 --> 00:38:15.870 Sean O'Rourke: And if you don't pay us the ransom. We're going to release that data. If you pay us a ransom. We promise.
00:38:16.740 --> 00:38:17.460 Sean O'Rourke: To delete it.
00:38:18.750 --> 00:38:30.000 Sean O'Rourke: And so you're caught between a rock and a hard place. I mean, you mentioned it in the first segment about what lawyers lawyer obligations are. When it comes to protecting client.
00:38:30.960 --> 00:38:42.630 Sean O'Rourke: attorney client privilege and privileged information. Well, there are a number of cases out there and examples of law firms being compromised through ransomware where the data was stolen.
00:38:43.890 --> 00:38:49.710 Sean O'Rourke: And whether or not it was released is dependent on whether or not the law firms pay now.
00:38:50.760 --> 00:39:03.690 Sean O'Rourke: As you get over 100 employees, or you're an organization where the ransomwarers know you have sensitive information that you are desperate to keep out of the public eye, they jack the prices up.
00:39:05.190 --> 00:39:09.930 Sean O'Rourke: Million-dollar rans... a million-dollar ransom is no longer unusual.
00:39:11.160 --> 00:39:17.040 Sean O'Rourke: A number of years ago, before I left the day-to-day IT, the ransomware started at 300 bucks.
00:39:18.630 --> 00:39:26.550 Sean O'Rourke: Because it was small enough that everybody pretty much paid and nobody went to law enforcement or nobody cause any problems for the consumers.
00:39:27.540 --> 00:39:48.900 Sean O'Rourke: When you set that precedent, the ransomwarers then realize, okay, well, how about 500? How about 1,000? 10,000? Sure. Here's where actually insurance, cyber insurance, has actually caused, I think, damage, because insurance carriers are doing the calculations and they're realizing, well,
00:39:49.920 --> 00:39:56.730 Sean O'Rourke: If they don't pay the ransom. They're going to be down for possibly four to five days because they're not really well prepared.
00:39:57.240 --> 00:40:10.110 Sean O'Rourke: And they're going to have to rebuild everything, going to have to clean everything. That's going to cost way more than just paying the ransom and then cleaning up once the data is decrypted. So just pay the ransom.
00:40:10.590 --> 00:40:12.630 Eric Sarver: More than the rest, more than even a five.
00:40:13.140 --> 00:40:23.310 Sean O'Rourke: Figure ransom. Oh, I mean, so if it's a million dollars, they assume that the company can pay a million dollars, which means it's a lot of data or a broad system.
00:40:23.760 --> 00:40:24.150 Eric Sarver: And
00:40:24.210 --> 00:40:39.060 Sean O'Rourke: It may cost significant money to repair that and bring that back to normal state. So what's happening is, is that the insurance carriers are saying just pay the ransom, where the FBI and law enforcement are saying no, don't pay the ransom.
00:40:39.660 --> 00:40:43.470 Sean O'Rourke: All you're doing is what it's sort of feeding the the frenzy.
00:40:43.890 --> 00:40:45.510 Sean O'Rourke: And it will continue the frenzy.
00:40:46.950 --> 00:40:50.040 Sean O'Rourke: So it's basically like chumming the water is if you're trying to
00:40:50.040 --> 00:40:51.060 Sean O'Rourke: Bring sharks.
00:40:51.330 --> 00:40:51.660 Eric Sarver: Yeah.
00:40:51.720 --> 00:40:59.700 Sean O'Rourke: With tourists. But you got to chum the waters to create the frenzy. Well, that's exactly what's happening when you pay a ransom on a ransomware attack.
00:41:00.180 --> 00:41:02.700 Sean O'Rourke: So in that vein.
00:41:04.230 --> 00:41:18.000 Sean O'Rourke: The insurance carriers are doing the math for their perspective, but they're not doing the long term math and I think they're there. They've been short sighted when it comes to costs associated with recovery from just let's say a ransomware attack.
00:41:18.750 --> 00:41:25.530 Eric Sarver: Right to the other than maybe had the individual situation and now almost being carried away and situation. I'm just counting up the money and seeing
00:41:25.890 --> 00:41:40.530 Eric Sarver: Which is a cheaper option, but in the long term, what they're either maybe choose look, we're fine. We're just not focused on is the fact that by paying the ransom. You are a native you're encouraging your name and your foster an environment where
00:41:41.610 --> 00:41:52.620 Eric Sarver: It's kind of I think around. So I think of the old you know old fashion sort of the water and type shows and you know some being kidnapped and then sure, and then negotiate and don't pay them you know demands them and and
00:41:52.860 --> 00:42:01.860 Sean O'Rourke: Why do though anymore. It's like I made this comparison that John Dillinger, John Dillinger had to rob innumerable banks to make a million dollars.
00:42:01.920 --> 00:42:04.440 Sean O'Rourke: Now back that a million dollars was a lot of money.
00:42:04.470 --> 00:42:13.320 Sean O'Rourke: But he had was in physical peril every moment of every day of his life. Basically, once he became a wanted criminal now.
00:42:13.530 --> 00:42:13.950 Sean O'Rourke: Granted,
00:42:13.980 --> 00:42:27.030 Sean O'Rourke: If you're a ransomware person or a hacker nobody knows who you are. Nobody knows where you are and you can rob 100 million dollars with no physical peril to yourself.
00:42:28.680 --> 00:42:36.540 Sean O'Rourke: And so it's changed the game and I think insurance carriers have created it has helped create an environment
00:42:37.110 --> 00:42:42.540 Sean O'Rourke: Where they're more brazen they've become an organized crime syndicate
00:42:43.050 --> 00:42:55.470 Sean O'Rourke: In a lot of ways, and nation states are now participating in this, which just makes it all the more difficult for businesses to keep themselves safe. But let me tell you the cheat code, because I know we're going to go to break
00:42:55.530 --> 00:42:58.200 Eric Sarver: In a few minutes and administrative mature.
00:42:58.260 --> 00:43:05.850 Sean O'Rourke: Cyber insurance can cover a lot of your unpreparedness on the business side.
00:43:06.570 --> 00:43:07.590 Sean O'Rourke: Okay, right.
00:43:07.620 --> 00:43:15.570 Sean O'Rourke: Now, especially in the small to mid size market cyber insurance carriers are insurance carriers are offering and cyber insurance and
00:43:15.690 --> 00:43:16.110 Eric Sarver: And
00:43:16.140 --> 00:43:24.390 Sean O'Rourke: The majority of them are doing so are not penalizing companies who are not prepared on the business side of the house.
00:43:25.500 --> 00:43:32.850 Sean O'Rourke: They will penalize you if you're not prepared on the IT or the technology side of the house, but they don't penalize you yet.
00:43:33.540 --> 00:43:45.750 Sean O'Rourke: If you're not prepared on the business side of the house. And that's a key differentiator, because most of the expenses come from the lack of preparedness on the business side of the house.
00:43:46.230 --> 00:43:57.930 Sean O'Rourke: And if you want to. On the next segment, we can talk about some of those those elements that cyber insurance will pay for that may, you may or may not prepare
00:43:59.310 --> 00:44:00.240 Sean O'Rourke: Your company for
00:44:00.600 --> 00:44:05.550 Eric Sarver: I think that's a great next segment begin talking about that and maybe also what is it business owner to do
00:44:05.880 --> 00:44:23.550 Eric Sarver: Let's say when one hand they have the FBI and other law enforcement authorities, the model there the you know the vices don't pay the ransom. The ransomware and then or the cost of that the insurance company starting to settle, I wonder whether to pay it. Then I wonder if they
00:44:25.230 --> 00:44:36.180 Eric Sarver: If they don't follow the insurance companies. They know we're not going to pay this on principle will use Wi Fi coverage. I think that's a good question I asked one here. After the break, when you were about to say just a moment ago, in terms of the
00:44:37.230 --> 00:44:41.250 Eric Sarver: Business side that the companies are no longer being penalized so
00:44:42.330 --> 00:44:55.170 Eric Sarver: Sean, this is all great stuff, really good information. I think our guests, rather, our listeners, listening to you as our guest, would really benefit from it. So everybody, stick around, back in a little while with Mr. Sean O'Rourke.
00:47:13.680 --> 00:47:22.620 Eric Sarver: Welcome back folks, we're here with Sean O'Rourke, cyber liability consultant and CFO of Combs & Company. Sean, thanks again for being on the show tonight.
00:47:23.130 --> 00:47:24.270 Sean O'Rourke: Appreciate that.
00:47:24.690 --> 00:47:31.650 Eric Sarver: Sure I you know I think you have really good timing and rhythm. I'ma say, in terms of sideways and wrapping up top. It's going to the next one. So I do
00:47:31.920 --> 00:47:33.270 Sean O'Rourke: See the note about the break.
00:47:33.270 --> 00:47:33.930 Sean O'Rourke: So I try
00:47:34.950 --> 00:47:42.960 Eric Sarver: Yeah, that is true. But to be fair, but you still have a good good knack for it. I just want to backtrack for a moment, not to throw you off there. The topic of
00:47:43.710 --> 00:47:55.620 Eric Sarver: About the cyber insurance and about companies, no longer penalizing but but just accepted that money piece right talks about the if you had to say. Take a picture scale and on one side.
00:47:55.950 --> 00:48:10.920 Eric Sarver: We talked about the money. The cost of inevitable eventual cyber attack ransomware hacking, what have you, a phishing email compromise data and results that can end up in the 10s of thousands of dollars and point possibly more
00:48:12.030 --> 00:48:24.000 Eric Sarver: And we talked about bread me of the, the cost, but I just to clarify for viewers to cost of, let's say, a good cyber insurance policy. Oh.
00:48:24.090 --> 00:48:24.420 Sean O'Rourke: Yeah.
00:48:24.480 --> 00:48:32.970 Eric Sarver: You'd be spending right there because let's say they come to you for a solution and you're trying to help them. And that might be a good segue into what
00:48:33.720 --> 00:48:45.180 Eric Sarver: Company do for business as they come to you today Sean I heard, I heard you on the show. I heard what you were saying, I don't want to be unprepared for a cyber attack. What's your solutions. Yeah. What do you do for me. Maybe we can. Yeah, can you get that
00:48:46.080 --> 00:48:54.870 Sean O'Rourke: So, uh, cyber insurance policy is just like any other commercial insurance policy like General Liability professional liability you fill out an application.
00:48:56.700 --> 00:49:00.000 Sean O'Rourke: It gets taken to carriers, depending on who you go to
00:49:01.140 --> 00:49:08.580 Sean O'Rourke: And I'll explain our role in a second. And then insurance carriers basically weigh your risk.
00:49:09.360 --> 00:49:17.520 Sean O'Rourke: And they decide whether or not you're worth the risk. If they decide you're worth the risk, then they assign a number, a dollar figure, to that risk for 12 months.
00:49:18.030 --> 00:49:27.150 Sean O'Rourke: And that's your premium. Obviously that takes into account whatever your deductible is and how much the coverage is going to be, so on and so forth.
00:49:28.050 --> 00:49:43.620 Sean O'Rourke: So Combs & Company, we're an insurance brokerage and consultancy. So the brokerage means that we work for our clients, because we basically go to every carrier that we can and find the best coverage at the best premium.
00:49:44.190 --> 00:49:44.850 Sean O'Rourke: So,
00:49:45.120 --> 00:49:52.380 Sean O'Rourke: We're not always looking for the cheapest premium. Obviously, we could do that. But that's not our role. Our role is to make sure that
00:49:53.250 --> 00:50:00.810 Sean O'Rourke: If you have some sort of event that requires a claim that that claim is going to be covered. And then we do what we can.
00:50:01.350 --> 00:50:10.800 Sean O'Rourke: To put you in a position to where the claim won't be denied. And that's through the application process, making sure that the carriers aware what you do what you have and how you operate.
00:50:11.640 --> 00:50:20.550 Sean O'Rourke: The consultancy side is is broken into three lines and I'll just go through those real quick. There's we do expert witness work for medical malpractice lawsuits.
00:50:21.780 --> 00:50:29.160 Sean O'Rourke: We do individual health insurance consulting. So basically we help individuals find health insurance on the various exchanges and then there's my
00:50:29.910 --> 00:50:42.690 Sean O'Rourke: Department, which is cyber. And that's what we've been talking about. After 20 years of trying to keep the bad guys out, in my opinion, there's no way to do it. So I try to prepare companies to be hacked.
00:50:43.440 --> 00:50:58.590 Sean O'Rourke: And people look at me really weird when I tell them that they're like, Wait, aren't you supposed to stop it, and I'm like, No, you can't stop it it's it's like water. If the water wants to get in. It'll find its way. And eventually, and that's that's kind of the ways the cyber world is now.
00:50:59.040 --> 00:51:06.480 Eric Sarver: Right. And the word analogy that we're getting in, let's say, Joe place and you can take the valuable take him off the floor and put them in a higher shelves, so you can
00:51:07.020 --> 00:51:16.230 Eric Sarver: Browse have some kind of inflation, you know that that up and some kind of some pump put in so so that's interesting way to describe that in terms of liability insurance.
00:51:17.430 --> 00:51:21.930 Eric Sarver: So in terms of how do you how do companies you say they weigh the risk
00:51:23.280 --> 00:51:37.530 Eric Sarver: I mean, I'm not a cyber liability expert by any stretch, but I'm just wondering allowed myself for that would, would that involve looking at the, the nature of the data or the number of employees who has access to the data, what
00:51:37.590 --> 00:51:38.130 I know
00:51:39.570 --> 00:51:49.860 Sean O'Rourke: So as somebody who used to live and breathe technology. I have a real problem with most cyber liability applications because they don't ask the questions that I think need to be asked.
00:51:50.250 --> 00:51:58.860 Sean O'Rourke: Okay if I was in insurance if I was at an insurance carrier, I would basically gut most cyber insurance applications and rebuild them.
00:52:00.150 --> 00:52:11.490 Sean O'Rourke: But basically what they ask is how many records do you have, and when they say records, I mean, each Social Security number is considered a record.
00:52:11.790 --> 00:52:16.620 Sean O'Rourke: Each driver's license number is considered a record. Each credit card number's considered a record.
00:52:17.040 --> 00:52:31.200 Sean O'Rourke: So you have to, you have to aggregate all that into a number and then you give that. They ask about your cyber security. Do you have a firewall? Do you have antivirus? Is your data encrypted? Is it encrypted at rest? Is it encrypted in transit?
00:52:32.100 --> 00:52:49.500 Sean O'Rourke: Do you process credit cards? Are you PCI compliant, which is credit card processing? Are you HIPAA compliant, which is medical records? Are you GDPR compliant, which is the European Union's compliance? Are you CCPA compliant now, California's new Consumer Privacy Act?
00:52:50.820 --> 00:52:52.830 Sean O'Rourke: So there are questions on there.
00:52:54.360 --> 00:52:56.610 Sean O'Rourke: What happens though is that
00:52:57.840 --> 00:53:08.610 Sean O'Rourke: You say no to being compliant when you should. There's no penalty really at the moment, the market is a little over saturated with carriers offering cyber insurance.
00:53:08.640 --> 00:53:11.280 Sean O'Rourke: So the premiums are artificially low at the moment.
00:53:13.710 --> 00:53:29.430 Sean O'Rourke: And that's why I try to convince people to get cyber insurance now, because the premiums have started to rise, and they will definitely go up next year, once the insurance industry sort of discovers all the fallout of what happened during 2020.
00:53:30.330 --> 00:53:33.720 Sean O'Rourke: And so better to get in at a lower number
00:53:33.840 --> 00:53:37.650 Sean O'Rourke: And have it go higher than get in at a higher number and have it go higher.
00:53:38.070 --> 00:53:39.480 Sean O'Rourke: Right and so
00:53:40.710 --> 00:53:42.960 Sean O'Rourke: But what I had said before is that
00:53:45.030 --> 00:53:46.920 Sean O'Rourke: You're going to pay. I mean,
00:53:48.690 --> 00:53:50.820 Sean O'Rourke: Everybody's unique. I can't. I can't.
00:53:51.060 --> 00:53:58.740 Sean O'Rourke: Sure, I can't give you a definitive number, but I will tell you this, we're paying an obscenely low premium for Combs & Company.
00:54:01.620 --> 00:54:10.680 Sean O'Rourke: Based on what I consider us how I consider us to be a potential target. Now we don't carry a lot of sensitive information. We just that's just not what we house.
00:54:11.010 --> 00:54:16.890 Sean O'Rourke: When we carry enough now I just did a lawyer, a solo printer.
00:54:18.450 --> 00:54:20.100 Eric Sarver: That is, you mean when you say you did.
00:54:20.400 --> 00:54:23.520 Sean O'Rourke: Got the guys I got her a cyber insurance policy, sorry.
00:54:24.390 --> 00:54:30.840 Sean O'Rourke: And she's paying 1100 dollars for the year. And she's got a lot of sensitive information.
00:54:31.350 --> 00:54:32.700 Sean O'Rourke: For the last
00:54:33.600 --> 00:54:34.350 Sean O'Rourke: 12 months.
00:54:34.740 --> 00:54:35.070 Well,
00:54:36.360 --> 00:54:37.110 Sean O'Rourke: I did.
00:54:38.550 --> 00:54:49.350 Sean O'Rourke: There's a medical billing client of ours, they have ridiculous amounts of sensitive information, and the way they access it would keep me up at night.
00:54:50.400 --> 00:54:50.910 Eric Sarver: Because
00:54:50.970 --> 00:54:53.430 Sean O'Rourke: If I was their IT folks.
00:54:53.550 --> 00:55:01.290 Sean O'Rourke: And they're paying 3500 a year for a $5 million policy which
00:55:01.440 --> 00:55:06.750 Sean O'Rourke: I thought I thought was going to be around eight to $10,000 and they're paying 3500
00:55:07.680 --> 00:55:08.910 Sean O'Rourke: Hmm, so
00:55:09.180 --> 00:55:10.290 Sean O'Rourke: It's inexpensive.
00:55:10.710 --> 00:55:27.330 Eric Sarver: Relatively speaking. So I just want to hear you, Sean, is that you know you, including the company, not only you have clients get affordable policies, but it's not as if the the cheapest policies is the main thing you got after your after them. It sounds like you're trying to get them.
00:55:27.660 --> 00:55:29.220 Sean O'Rourke: Well guys, have the right coverage.
00:55:30.750 --> 00:55:31.110 Sean O'Rourke: Ratio.
00:55:31.590 --> 00:55:41.370 Eric Sarver: Recognize recognizing that each company. I mean, I could and I think that you've shown on the show today, just a wealth of knowledge around these issues. I mean, just you know what you've described
00:55:41.850 --> 00:55:49.920 Eric Sarver: It's refreshing to me because I think as professionals. We need, we have an obligation I think three mind clients and prospective clients that
00:55:50.310 --> 00:55:59.520 Eric Sarver: The cheapest isn't always the best and that sometimes you need to pay a bit more. Of course, there are factors that come into play internal
00:55:59.940 --> 00:56:16.980 Eric Sarver: Conditions and quality and such. So, you know, I hear that you try to fit your clients with the best policies and is that sort of that's part of the whole preparing to be hacked. Do you have a policy in place. And so then the person does get hacked and they rely on the policy and
00:56:17.010 --> 00:56:28.860 Sean O'Rourke: Any of my consulting clients, I require them to have cyber insurance, and they don't have to buy it through Combs & Company. They can go through their existing broker or insurance carrier, but they have to have it.
00:56:29.550 --> 00:56:36.810 Sean O'Rourke: It doesn't make sense to go through all that I'm going to put them through and then they still pay out of pocket when they get hit.
00:56:37.800 --> 00:56:50.820 Sean O'Rourke: The insurance is going to cover a lot of the damage financial damage legal damage in the such. And that's what I said before, on the one teaser. It covers a lot of that inertia work that you won't do.
00:56:51.480 --> 00:57:04.590 Eric Sarver: And be sorry to interrupt you. I know it's been a minute from when you have a chance to give our audience your contact information. Maybe if you have a brief Hamilton might be able to reach you, if they have questions, you want to get cyber insurance.
00:57:04.740 --> 00:57:09.270 Sean O'Rourke: Sure. I mean, you can look me up on LinkedIn, Sean O'Rourke.
00:57:10.350 --> 00:57:22.260 Sean O'Rourke: And then if you want to reach out to me on the So Mark combs and CO com or you can just go to the website combs Colm BS am AMD co.com
00:57:22.740 --> 00:57:28.440 Eric Sarver: Right, okay. It's, it's been great having you on the show tonight show and I just actually just
00:57:28.440 --> 00:57:29.580 Sean O'Rourke: For a lot of fun. This is
00:57:30.540 --> 00:57:32.250 Sean O'Rourke: live broadcast. So it was good.
00:57:32.610 --> 00:57:47.970 Eric Sarver: I second. My broadcast today mentioned how we ran an earlier seminar for the Queens Chamber of Commerce discussing ADA-compliant websites. Sean was a moderator. I was one of the guests, not the main guest, but a contributing. So we sort of flipped the roles a bit here right now.
00:57:49.110 --> 00:57:57.840 Eric Sarver: Yeah, it's been great to talk with you, Sean. Thanks again for being on the show. And we're I think read about at the hour and always goes so quickly into it.
00:57:59.040 --> 00:58:11.010 Eric Sarver: I think you've covered some issues they are you give them your contact information. I'd say if anyone has any follow up questions, you can always reach out to me at em, so that's
00:58:11.430 --> 00:58:20.670 Eric Sarver: Eric, he isn't Eric Amazon Mitchell SS and Sava Eric Sabra com or as Sean mentioned, you can go to his email so work is it
00:58:21.060 --> 00:58:21.330 Eric Sarver: That
00:58:21.570 --> 00:58:30.180 Eric Sarver: Some of the company. COM. Yes, though. That's per episode tonight folks for the employment law today. Episode two on cyber
00:58:30.660 --> 00:58:41.670 Eric Sarver: Security, cyber insurance and cyber liability, a very pressing issue, especially now in the time of COVID-19. So if you're a small business, stay hopeful, stay inspired. Don't give up.
00:58:42.120 --> 00:58:48.240 Eric Sarver: There's lots of resources, as you've heard, I'll be announcing next week's guest in upcoming
00:58:48.720 --> 00:58:52.890 Eric Sarver: Social media, LinkedIn, Facebook and Twitter posts, and on TalkRadio.nyc. So
00:58:53.280 --> 00:59:07.440 Eric Sarver: Once again, I'm Eric sovereign from the loft, Eric. I'm sorry. Practice employment law business law for small to mid sized companies and tune in next week for episode three of employment law today. Thank you all for joining us tonight. And thank you, Sean. Thanks.