Proactive Information Security


July 30, 2019

“You can’t protect everything absolutely all the time.” 

Ryan J. Cooper is the Principal of Cooper, LLC. As the founding partner, Ryan started Cooper, LLC to focus on achieving the results that matter for each client, recognizing that each client is different. Ryan draws upon a diverse experience obtained at a premier international and national law firm. Ryan has counseled clients on strategic corporate transactions and successfully litigated matters in state and federal courts throughout the country. With a depth of experience that includes strategic business planning, high-stakes litigation, and insurance coverage counseling, Ryan has a unique combination of skill sets that rank him among his client’s most trusted advisors.

There is no magic checklist for information security.

Ryan:  “There is a gold standard we want to achieve, but there is no checklist that you can just mark off the boxes and say, ‘Congratulations’. There’s two questions… that clients have to confront.”

Ryan:  “One is whether or not they’re protecting information for third party risk, which is when clients have other people’s information that they need to keep secure. Now that may be clients who have consumer data or maybe clients who are vendors to other businesses.”

Ryan: “So that’s one level of security. And then there’s another.. which is first party security. And that is clients I have who have very valuable and proprietary information. It may be sales data, it may be intellectual property such as trademarks or patents, etc. And so that’s often the first question that we need to confront. And then beyond that, if you look at a lot of the standards organizations, there is conflicting information.”

 Defense and proactive litigation for third parties.

Ryan:  “You see third parties being the target more and more. And that’s because they’re aggregators. They’re a gateway. Either they’ve aggregated data from a bunch of different clients and therefore a hacker can get a bigger pot in a single hit or they have the gateways to multiple clients. Proactively, I think there are three things I always hammer clients about when we want to prepare ourselves and position ourselves to be strongest against third party risk.”

Ryan: “The first issue is smart contract policies. They will include certifications from the vendor as to their security requirements or their security standards that they meet our client’s requirements. They need to have insurance provisions. You need to make sure that you’re added as an additional insured on those policies so you have direct access.”

Ryan: “Contract provision terms, you need to then follow up and actually implement those contract provisions. Particularly when you have a contract that allows you to due diligence your vendors, you really got to do that. And you can and you should. And that’s why you put it in there, in the contract, in the first place. You need to due diligence to make sure your vendor’s doing what they said they are going to do. And also when to jump ahead for a second to the litigation side.”

Ryan: “Then insurance for yourself. I’m a big proponent that any comprehensive information security plan has to have its own crafted in cyber insurance policy for the areas you can’t secure. At the end of the day we also have insurance because you can’t protect everything absolutely all the time. And so you need to have an insurance policy that is designed so that if the worst should happen that you do have coverage that will help you either make you whole or cover you for your liability.”

To learn more about Ryan, connect with him here on LinkedIn.

 Listen to Ryan’s full Discussions by Integris podcast episode on Wednesday, July 31st.
Tyler Daniels is a Senior Marketing Specialist with Integris.

Keep reading

“Anything We Can Do to Make It Right Is Our Thing”

“Anything We Can Do to Make It Right Is Our Thing”

Scott sits down with Jared Nolan, CEO of Norman & Young, a full service media company serving real estate agents. Jared talks about the highs and lows the pandemic has brought the industry, the new technology and standards raising the bar in the industry, and how...

How Companies Fail Vulnerability Management

How Companies Fail Vulnerability Management

Susan and Nick talk about Nick's must-haves for vulnerability management programs, and the best practices for whoever owns that process in an organization. Check out the transcript below and listen along with the embed, Spotify, Apple Podcasts, or your favorite...

What IT Leaders Are Facing, and How to Fix It

What IT Leaders Are Facing, and How to Fix It

Anthony sits down with Stephen Hanson, Regional Director of Sales for Integris in the midwestern region, for a discussion on the problems and opportunities that IT leaders across the country are facing, and the possible methods of resolving these issues in the short...