Cybersecurity is essential for every practice that relies on technology. In this episode, guest Kaitlin Upchurch, Senior Vice President and Cyber & Tech Practice Leader at Lockton, addresses the cybersecurity questions practices are—and are not—thinking about. She explains why cybersecurity risks are often misunderstood, what makes health care a prime target, and why insurance alone is not enough. Tune in to understand your cyber exposure, the biggest threats facing practices today, and the first steps to strengthen your protection beyond buying a policy.
Listen to the full episode using the player below, or by visiting one of the links below. Contact ByrdAdatto if you have any questions or would like to learn more.
Transcript
*The below transcript has been edited for readability.
Intro: [00:00] Welcome to Legal 123s with ByrdAdatto. Legal issues simplified through real client stories and real-world experiences. Creating simplicity in three, two, one.
Brad: [00:13] Welcome back to Legal 123s with ByrdAdatto. I’m your host, Brad Adatto, with my co-host, Michael Byrd.
Michael: [00:19]As business attorneys for health care practices, we meet a lot of interesting people and learn their amazing stories. This season’s theme is Asking for a Friend. We will tackle questions that practices are sometimes afraid to ask.
Brad: [00:33] Yes. And audience, remember this is a safe place. Everyone knows, Michael, that if you’re asking for a friend, and you use that, that magic word, “I’m asking for a friend,” it really isn’t you asking the question. It’s really for your friend. Now, Michael, I’m excited to bring on our guest to the show, but before we do, did you hear about the new, the huge, ginormous retirement news?
Michael: [00:57]You’re, you’re finally retiring?
Brad: [00:59] No, you are.
Michael: [01:00] Oh.
Brad: [01:01] No. No. This came out of Colorado. For those not keeping up, Ralphie the VI, the Colorado Buffalo, live mascot, is retiring just after four short years.
Michael: [01:12]Well, on the one hand, I’m grateful that you’ve have kind of moved away from movie talk. But I’m noticing a new infatuation with mascot talk. Why the retirement? I’m going to humor you for a moment with Ralphie.
Brad: [01:27] Okay.
Michael: [01:27] Too old?
Brad: [01:28]No, not exactly too old.
Michael: [01:30] Okay.
Brad: [01:31] Did you know that Ralphie runs during the Colorado games? That’s, like, one of the most famous opening part is they run her out there, and they have five handlers running with her. And apparently, but Ralphie gets the handlers, the Ralphie handlers is what they’re known as, up to 25 miles per hour when they take off running in the beginning of a game.
Michael: [01:50] Do you realize how fast 25 miles an hour is?
Brad: [01:53] No.
Michael: [01:53] Yeah. Well, I think most football players on the team can’t run 25 miles an hour, so they must really get into their recruiting of their handlers.
Brad: [02:04] Of the handlers. Yeah.
Michael: [02:05] Yeah.
Brad: [02:05] Maybe the football team, the Colorado football team should start training with Ralphie to get better. But apparently Ralphie wasn’t really performing up to the standards because she had some indifferences to running. Based on her disposition, it was in her best interest, according to Ralphie, was she found relaxing strolls more fun in the meadows. Um, and that was really apparently her favorite hobby, was just kind of strolling around.
Michael: [02:29]I’m connecting on many levels with Ralphie right now.
Brad: [02:32] Yes. Yeah.
Michael: [02:33] Yeah.
Brad: [02:33] You know, a relaxing stroll does go a long way in my book too.
Michael: [02:36] Yeah.
Brad: [02:36] You know, Ralphie got me thinking about indifferences though, Michael. So what, Michael, what indifferences do you have?
Michael: [02:43] I can’t say you, right?
Brad: [02:44] No.
Michael: [02:44] Okay.
Brad: [02:44] Instead I said-
Michael: [02:45] All right
Brad: [02:45]… no.
Michael: [02:46]All right. I’m, trying to think of something, because I can’t go with the things I don’t like, indifference.
Brad: [02:52] Yeah. Right.
Michael: [02:52] I am indifferent to all forms of motor sports. I just don’t understand the passion, in particular for NASCAR. I haven’t been able to get into F1, and I know there’s a Netflix show, and I know that if I watch it, it’s probably going to make me connect and like it more, but just, I’m indifferent.
Brad: [03:15] Okay.
Michael: [03:15] Okay.
Brad: [03:16]Well, first, you’re missing out on F1.
Michael: [03:17] Okay.
Brad: [03:18] Second, I would say that if you do watch the F1 Netflix series, Drive to Survive, you will actually get into it, it’s a great show.
Michael: [03:28] I do have a guess for you, though. I’m guessing you’re indifferent to quality podcasting.
Brad: [03:33] Michael, we have a podcast already.
Michael: [03:36] I know. I’m just… People have seen you. I’m just speaking for the audience.
Brad: [03:41] Let’s just cut all that.
Michael: [03:42] Okay.
Brad: [03:42] Just cut it all.
Michael: [03:43] Okay. Okay.
Brad: [03:44] All right. So back to…
Michael: [03:46] What are you indifferent about?
Brad: [03:47]You started talking about watching things. It made me think about reality TV shows like Love Island or The Bachelor, Bachelorette, or The Old Bachelor, whatever they call them now. Every time one of our colleagues starts talking about this, I’m so not interested.
Michael: [04:04]Yeah.
Brad: [04:04]So very indifferent.
Michael: [04:05]:I’ll have to actually agree with you on that one, and they kind of make me tense.
Brad: [04:10] Oh.
Michael: [04:10]Yeah. Those reality shows.
Brad: [04:13] Yeah.
Michael: [04:14]Well, let’s get into it.
Brad: [04:16] Yes.
Michael: [04:16] What do you think?
Brad: [04:17] Let’s, let’s bring on our guest.
Michael: [04:17] We have a guest who’s sitting here very patiently.
Brad: [04:20] Everyone in TV land notices the guest.
Michael: [04:21] Yes. So joining us today is Kaitlin Upchurch. She is the senior vice president, and cyber and tech practice leader for Lockton, the world’s largest independent insurance brokerage. Cyber risk advisor with nearly 20 years in cyber risk and insurance experience. An undergrad from Wake Forest with a BS in business and French. And no, Brad, please, and Kennedy’s nodding, she knows, please do not talk, start talking French. Um, she loves-
Brad: [04:52] I’m good at speaking French, by the way.
Michael: [04:53] Yeah.
Brad: [04:54] Very well.
Michael: [04:54] Well, fake French. She loves participating in podcasts, according to your bio, which I’m excited, and a first-time guest on our podcast. Welcome.
Kaitlin: [05:05] Thank you.
Brad: [05:07] Well, we’re going to hit you with a very important question right up front. Do you have any indifference to running 25 miles per hour, or running, or anything else of that sort?
Kaitlin: [05:15] So I can actually relate to the comment about the, the motor sports, because I grew up in North Carolina.
Brad: [05:22] Oh.
Michael: [05:22] Oh, yeah.
Kaitlin: [05:23] And NASCAR is, is a big thing, right?
Brad: [05:25] Sure.
Kaitlin: [05:25] Motorsports. So, I’ve equally had the reaction of, “Why am I not fully into F1?” and all of this. So, I, I think I’m indifferent, but I also haven’t dove into it. And In fact, I was invited to go to F1 this year, and I didn’t go, but it’s going to be a bucket list thing. I’m going to go next year.
Brad: [05:42] Yeah.
Michael: [05:42] Yeah.
Brad: [05:42] When they invite, just next time just say, “Oh, I can’t, but my best friend, Brad-“
Kaitlin: [05:46] Yeah. “My new best friend.”
Brad: [05:47] “My new bestest friend-“
Kaitlin: [05:48] Yes.
Brad: [05:48]”… he can go.”
Kaitlin: [05:49]Perfect.
Michael: [05:49] Well, at least it’s not all left turns with F1.
Kaitlin: [05:52] Or I wouldn’t even know.
Michael: [05:53] It’s more curvy.
Kaitlin: [05:54] I don’t know anything about it.
Michael: [05:56] Yeah.
05:56 Kaitlin
So definitely an indifference.
Michael: [05:57] Okay.
Brad: [05:58] There you go.
Michael: [05:58] Yeah, I’m right there with you. All right. Well, let’s get into it. And I’d love to just start with you kind of introducing yourself, to the audience, talking anything I didn’t cover. Love to learn more about you
Kaitlin: [06:11] So, originally, um, for context, I grew up in North Carolina and went to school. Uh, I studied business, studied French, and didn’t really know what I wanted to do with that degree after college. But I said, “You know, I want to get into international business.” That’s, like, the thing that I said.
Michael: [06:26] Yeah. Fancy.
Kaitlin: [06:28] But, like, what does that mean? I don’t know.
Michael: [06:29] Yeah.
Kaitlin: [06:29] I just wanted to do international business.
Brad: [06:31] No, but it sounds good. I like it already.
Kaitlin: [06:32] It sounds really good.
Brad: [06:33] Yeah.
Michael: [06:33] Yeah.
Kaitlin: [06:33] Yeah. I had visions of being in a boardroom and talking to executives and just kind of making decisions.
Brad: [06:41] Mostly in French, right?
Kaitlin: [06:42] Mostly in French. Un petit peu en français. Oui.
Brad: [06:44] Yeah. Sí. Je parle un petit peu de français.
Kaitlin: [06:47] Un petit peu. Un petit peu. But I live in Texas, so I don’t get to speak a lot of French here.
Brad: [06:50] Yeah.
Kaitlin: [06:50] I’m working on that.
Brad: [06:51] Okay.
Kaitlin: [06:51] Maybe the next podcast, if I come back, can be in French about cybersecurity.
Brad: [06:55] Yeah.
Michael: [06:55] Y’all can start one together.
Kaitlin: [06:57] That would be great.
Brad: [06:57] Yes.
Kaitlin: [06:58] That is such a niche.
Brad: [06:59] Yes.
Kaitlin: [06:59] I love that.
Brad: [07:00] Very nichey, like two people.
Kaitlin: [07:03] Yeah. So anyway, that was kind of the idea, but I didn’t really know what I wanted to do with that degree. So an insurance company came calling, um, Chubb Insurance, at our university and said, “Hey, you know, it’s not banking, it’s not consulting, it’s not finance, it’s not, um, marketing, but insurance is a great mix of marketing and also analytics.” Just, you know, trying to be really technical.
Kaitlin: [07:29] So I took a job out of college working for Chubb, Chubb Insurance as an underwriter, doing different executive liability insurance products, so directors and officers liability, employment practices liability, professional liability, and, uh, cybersecurity was one of those, those products at the time. So, um, you know, that vision of going into the boardroom and helping companies manage risk or making decisions, that tracked enough with what I wanted to do that it sounded like a really fun and exciting opportunity. So I joined Chubb right out of college and started working with these different products as an underwriter, and that was when I was first exposed to cybersecurity insurance. And this was 2007, so at the time, cybersecurity insurance was just something that people… I’d say Chubb, we were, we were pushing it as something we wanted our clients to be aware of, especially health care companies and retail organizations and financial institutions. But it was still early days.
Kaitlin: [08:27] So people weren’t really responding to cyber insurance. They were like, “Well, you know, I don’t have this risk. What is this risk?” They had a lot of the same questions then that they actually have now.
Michael: [08:37] Mm-hmm.
Kaitlin: [08:38] So I did that for a few years, and one of the things that I felt like I was missing in that role is the insurance companies work through agents and brokers. And so a lot of times, my message and my distribution was to work through an agent to then talk to the end users. They talked to the law firm. And what I really wanted to do was, was be in the room with the customers. I wanted to hear their stories, understand, you know, what their challenges were at the company, understand the management team’s mindset. So a few years into that role, I moved over to, um, work for an insurance agent, a company called Wortham Insurance down in Houston.
Kaitlin: [09:14] And that’s when I really dove into the world of professional liability and cyber insurance for, for customers. Um, and kind of to make a very long story short, I, I continued in that, that world of working at an agent or working at a broker, where we go into the companies directly and, and we have meetings, and we sit down, and we talk about their risks. And I was about 25 at the time when I took that job, and one of the senior leaders in our company said, “Hey, Caitlin, you’re young. You can text. Here’s some cyber insurance policies. You should, you should focus on this.” “Like, you should specialize on this.” So that’s a story I tell everybody with, um, how I got into cybersecurity as, as a niche, as an interest. Um, but the truth is, it’s something that I, I was just really interested in from the beginning because it was helping solve a problem for a business that not a lot of people understood, not a lot of people were interested in, and it was kind of, you know, something the world needs.
Michael: [10:10] And it got you in the boardroom.
Kaitlin: [10:11] Got me in the boardroom.
Brad: [10:13] That’s fascinating. Michael mentioned that you’re at this, this new company that we haven’t mentioned yet, so why don’t you talk about Lockton?
Kaitlin: [10:22] Yeah. So, um, Lockton, we are a global insurance and risk management firm. We are a privately held business, so that’s one of the unique things. We’re a really big company, but we’re family-owned.
Brad: [10:34] Mm-hmm.
Kaitlin: [10:35] And we have offices all over the world.
Brad: [10:38] Wow.
Kaitlin: [10:38]We have cybersecurity teams that specialize in cybersecurity and technology risk, and now AI is part of the conversation. We have over 100 associates globally that focus on this. So my, my role at Lockton is I am responsible for this part of our business and helping clients here in Texas for the, this part of the country. Um, but I work with other, other teams across the US, other teams across the globe, and we help companies from a small not-for-profit all the way up to Fortune 500 companies navigate cybersecurity and data privacy challenges and technology challenges in their business. And ultimately, we either help them find insurance solutions, or we help them, um, answer questions, you know, kind of tackle who to call for certain cybersecurity challenges. But, you know, we are an insurance brokerage firm at the end of the day, but we do so much more for the clients on a daily basis.
Michael: [11:38] And, and we’ll get into it, and I’ll introduce kind of our theme question in a moment, but, my observation is that cybersecurity is a very confusing risk for, I’m guessing, for the clients to understand. I just know when we get the calls either on the front end wondering what this is and why they need it, or, when something happens, like what in the world do they do with it? It seems like it’s a confusing risk.
Kaitlin: [12:10] Absolutely, it’s confusing. It’s, I think, intimidating. You know, you talked about the term indifference. I don’t know if I’d go so far to say that people are indifferent about cybersecurity. I think years ago, they had the choice to be indifferent about it, but today unfortunately they can’t.
Michael: [12:27] Yeah.
Kaitlin: [12:27] Especially, you know, health care. I know we’ll talk about that a little bit today. But it’s, it’s just a topic that is very hard to… If, if you’re running a business, if you’re starting a company, if you’re not in the technical world, you can’t really visualize cybersecurity.
Michael: [12:44] Yeah.
Kaitlin: [12:44] You can’t understand necessarily what impact it makes on the resiliency of your business. And the challenge in cybersecurity is you have very, very technical individuals trying to communicate with non-technical individuals that are making decisions. And so that, that, you know, translation between the tech talk and the executive talk gets lost a lot.
Michael: [13:07] Mm-hmm.
Kaitlin: [13:07] And so that’s why I think even after all these years, some of the conversations we have about cybersecurity are the same that I was having when I was a 22-year-old underwriter at, at Chubb.
Michael: [13:17] Right. Wow. All right. So let’s get into our theme. We were just talking earlier that our theme is, uh, is asking for a friend. And what we found is that this, along with a lot of questions we’ve tackled this season, are ones that our clients don’t ask, maybe for the very reasons we just talked about. So I will ask for a friend, kind of in a Dear Abby type format. So, I’m actually going to ask for three friends.
Kaitlin: [13:45] Okay.
Michael: [13:45] All right. Three plastic surgeons have a multiple-location plastic surgery practice with about 25 employees. They have their customary malpractice and general liability insurance, and maybe a couple other policies, but they keep seeing all these health care system cyber attacks, and they want to know, do they really need to consider cybersecurity insurance and to understand why.
Kaitlin: [14:13] Yeah. So that’s a great question, and something that I get a questioned about all the time, and our team does all the time. The short answer is yes, they should consider looking at a cyber insurance policy. But I’m going to back just way up for a second.
Michael: [14:29]Yeah.
Kaitlin: [14:29] Because looking at cyber insurance as kind of tacking, tackling the issue in a vacuum a little bit. The insurance doesn’t help mitigate the risk. The insurance doesn’t help… Or I’m sorry, it could mitigate the risk, but the insurance doesn’t help prevent the cybersecurity event from happening. The insurance doesn’t necessarily foster awareness about what could happen to the business. So what we have found is that cyber insurance is a good way to go through the journey of buying a cyber insurance policy, because you learn more from a business perspective about what are my risks to this type of, to, to this type of issue, where are some of my weaknesses, where do I need to ask for help from third-party vendors. It just opens up a really good conversation that is tied between different people within a company. And the short answer about cyber insurance is it’s a product that’s not covered, or it’s a product that exists that is not replaced with general liability, medical malpractice, property insurance.
Kaitlin: [15:31] It was born out of the fact that this risk, digital risk, is a newer risk for businesses over the last, you know, 30, 40 years, and so there needed to be a different insurance product where you could isolate, to the best of an insurance company’s ability, that peril into a dedicated policy form.
Michael: [15:49]So let’s talk a little bit about the journey too, because from our experiences with clients, and I think I know what you’re getting at, which is you have the insurance that helps with the risk, but, you know, what are your policies and your training and those sorts of things that you do to understand that risk and to plan for. So talk a little bit about, you know, that side of it.
Kaitlin: [16:20] Yeah. So it depends. When we meet with a new client of ours, our first step is to kind of figure out where they are in their awareness journey. Are they very, you know, have they engaged in the topic of cybersecurity as a risk issue because they’ve had a ransomware event, or are they a brand-new management team that’s never had to dive into this issue and they just need sort of a 101 conversation about it? So depending on where they are in that spectrum of awareness or knowledge, we’ll tailor our conversation with, “Okay, tell us about your computer system.” You know, some, some businesses, they have a network, you know, your, your email that you’re connected to. Um, they have other vendors, platforms, especially in, you know, the plastic surgery example you gave of your three friends.
Michael: [17:09] Yes.
Kaitlin: [17:09] They have probably client portals, patient portals, and those are all part of a network. So we want to understand, tell us about your network, help us understand what systems interact with your business. And once we understand that, then we start to talk about, well, what could happen if one of those systems is not available, or one of those systems has patient data in it that is compromised or is hacked? And maybe it’s not your friend who caused the hack, but maybe it’s the, the vendor that set up that patient portal for them. Maybe that vendor had an incident. What does your, what does your friend do in that situation? So back to that concept that you can’t really visualize cybersecurity, one of the things I’ve noticed over my years of doing it is that you just have to get people first to be able to visualize the exposure and understand if you can’t turn on your computer one day, what does that actually mean for the business? So once you have that general awareness, then you can start to talk about some of the more technical things that are a best practice.
Kaitlin: [18:09] And, you know, I don’t know how much you want me to go into the weeds on, on this now, but there’s a number of, you know, key things that are best practices from a technical standpoint that, that businesses can do.
Michael: [18:22] Mm-hmm.
Kaitlin: [18:23]Then there’s a number of just kind of general, like employee awareness, training, teaching people not to click on links that come through on their text messages. Just like basic stuff that is actually not incredibly challenging to conceptualize, but for many reasons, businesses haven’t always gotten that off the ground. Budget, prioritization. There’s different reasons why companies just don’t think to prioritize this.
Michael: [18:51] Interesting.
Brad: [18:52] So in your mind, would that be a, a huge… Especially with health care clients, is that a big mis, uh, conception that they don’t realize that, you know, “Oh, I, I bought insurance, so I’m protected. I must be good now.” Is that how it, it rolls? They don’t realize all these other steps that you’re kind of describing for best practices?
Kaitlin: [19:08] Yeah. It’s what I think is going on sometimes is that insurance can sometimes become about compliance, and it’s a little bit about, “Okay, let’s check the box. I need insurance.”
Brad: [19:18] Mm-hmm.
Kaitlin: [19:19] And maybe there’s not that motivation to dig deeper into what is the best practice, because right now, for a health care company, a small health care operation… Okay, we’re going to keep going back to your friend’s example. Your friend, even if he or she doesn’t have fabulous cybersecurity and data privacy controls, they can get an insurance quote through Lockton very easily with very little cybersecurity protection, and that’s because it’s a buyer’s market right now.
Brad: [19:46] Mm-hmm.
Kaitlin: [19:46] But five years ago, it was not the case. You could not get insurance if you hadn’t checked 10 out of 10 things perfectly well in terms of your, um, your cybersecurity maturity. And a lot of small businesses, a lot of health care, they really struggled to get insurance, so there became this perception of like, “Oh,” like, “I can’t get this coverage. It’s hard to get.” You know, “It’s frustrating to get…” You know, “The process is frustrating, so we’re just kind of going to give it up.” Or, so it’s either that camp, or it’s the camp of, “We don’t think we’re a target.” Going back to your misconception question, “We don’t really need to focus on this,” when in reality, anybody that turns on a computer every day is a target, any business.
Brad: [20:30] Yeah, it’s fascinating. We’ve had, clients on before on our podcast who have been hacked, and, you know, they could be a little, a single owner, you know, small practice, and obviously there’s all these giant systems that keep getting hacked. So I don’t think they realize that they’re all available to go after them.
Kaitlin: [20:48] That’s right.
Michael: [20:49] Well, let’s, let’s shift. Let’s talk a little bit to help… And I think for the most part, our audience is going to be the non-technical people, uh, so are your hosts that you’re talking to.
Brad: [21:02] Speak for yourself. I know how to turn the TV on.
Michael: [21:04] Yes, you do, Brad. What are the biggest cybersecurity threats health care practices face?
Kaitlin: [21:13] Yeah. You know, what’s interesting is the threats that a health care practice faces are the same threats that a law firm could face, or that a technology company could face. So, back to that comment of, “We’re not a target,” you, you’re a target simply because you use technology. And another kind of side note before I answer the question more specifically is that certain technologies are targeted by a cyber threat actor, a hacker because they know that that technology is old or hasn’t been patched, or has what we call, like, an open door that the, the hacker can get in more easily. But, you know, the types of… We help clients work through incidents when they have incidents, and if they have a cybersecurity insurance policy, we help them navigate using the insurance to reimburse their lost costs. But if they don’t have insurance, then we also help them. So we’ve seen both.
Michael: [22:07] Mm-hmm.
Kaitlin: [22:08] So the claims that we see are in a few different categories. Number one, ransomware. So are, are you all familiar with, with what ransomware is, or is it helpful to…
Brad: [22:18]No, I think you should… Yes, but it’s great for the, our audience members who don’t, so…
Kaitlin: [22:22] Yeah. So ransomware is basically a type of cybersecurity attack where there’s a certain type of malware that gets into the network of a business, in their, in their computer network, and there is a demand that’s associated with that attack, that malware attack, that is a ransom demand, um, in exchange for releasing information or systems that have been compromised. So if you have a hacker that is attacking a health care organization, there’s patient data, and by law, you have to protect that, the confidentiality of that patient data, and if it’s exposed, you have to notify those patients and those individuals that their, their information has been compromised.
Michael: [23:04] Right.
Kaitlin: [23:04] So hackers can extort the data, and I can, you know, demand $5 million from you, and if you and I are just negotiating on this and you don’t have support for negotiating with me, a professional cybersecurity threat actor, which by the way, is a legitimate business in some, some countries, um, a legitimate revenue-making opportunity for the economy, which is kind of wild.
Michael: [23:27] That is so wild.
Brad: [23:28] Right.
Kaitlin: [23:29] Talk about what you want to be when you grow up That’s just an option in some places. But if, if, if I demand five million from you, there is a negotiation process that can happen whereby ultimately, I may agree to give you back your data with no money that you pay to me, or I may agree to give you back your data if you pay me half that sum. So that whole process of negotiating through that ransom, it’s a major distraction and it’s, it’s a huge pain. So that’s a, a big problem. Um, just any type of general breach or unauthorized access into a, a system that has patient data, that’s always going to be prevalent. Uh, vendor breaches is something we talk about a lot. We see this… We talked about this in the health care space a lot. You use a third-party vendor to support your business operations. That vendor is big and it’s targeted because it has access to patient data. And so that vendor gets hacked, but it operates… It affects your operations because you use that vendor. It also affects your operations because you are legally liable for that patient data, and you’ve hired that vendor.
Kaitlin: [24:33] So just because you outsource to the cloud or another technology provider, you don’t absolve yourself of the liability. So that’s, that’s the second or third-ish thing. And then wire fraud. That happens in any business. An accounts payable transaction happens and I wire fraud, or wire money out to somebody I’m trying to pay. It’s not really them, it’s a, it’s a threat actor. They’ve sent me a fake email asking me to wire funds, so that’s, that’s an issue. And those are just three things. Like, I could go on and on. There’s lots of other problems going on right now. And we haven’t even gotten into AI challenges.
Brad: [25:14] And so if you had, with our time left, one big takeaway that you could give to your typical medical practice, what would be the… You know, they’re sitting there listening to this podcast, they’re like, “I don’t even know where to start.” What would be the, the first thing you can tell them that they can start thinking about, obviously besides buying insurance, um, that they could kind of, like, lean into to help kind of start, you know, embracing the cybersecurity issue?
Kaitlin: [25:38] Yes, and that is where we want to make it easy. The first step is you want to align yourself with somebody in the cybersecurity world. We would love it if it’s Lockton or somebody similar to what we do that understands cybersecurity and can educate you, and take the time to talk to you about your risk. So the first step is basically finding a friend in the cybersecurity world and carving out that time to learn, educate your management team. And the, the strategies for mitigating cybersecurity events are many different tactics. Insurance, technology, training, um, avoidance. You know, don’t sign up with the vendor that’s had multiple breaches. That’s a risk management strategy. But you got to start somewhere, and you’ve got to start with somebody that is in this world, this very niche world, um, of cybersecurity. Otherwise, you are just kind of blindly hearing information from someone that’s not quite as comfortable with the topic. And I think it’s very hard for those types of consultants or vendors or professionals to give you very specific, like, “Okay, step one, this is what you should do.”
Michael: [26:49] Mm. So fascinating. And our time has flown by, and we are out of time. Thank you so much for joining us. We will go to break and come back with a quick little wrap-up. But, really appreciate your insights today.
Kaitlin: [27:06] Thank you for having me.
Access+: [27:07] Many business owners use legal counsel as a last resort rather than as a proactive tool that can further their success. Why? For most, it’s the fear of unknown legal costs. ByrdAdatto’s Access+ program makes it possible for you to get the ongoing legal assistance you need for one predictable monthly fee. That gives you unlimited phone and email access to the legal team, so you can receive feedback on legal concerns as they arise. Access+, a smarter, simpler way to access legal services. Find out more. Visit byrdadatto.com today.
Brad: [27:42] Well, welcome back to the Legal 123s with ByrdAdatto. I’m your host, Brad Adatto. I’m still here with my co-host, Michael Byrd. Now, Michael, this season our theme is asking for a friend, and we had a great conversation with Kaitlin, who came in and really dropped some serious knowledge on cybersecurity and the importance of actually minimizing your risk. And I thought we both had some good takeaways. Number one is, the first thing you do is buy insurance, but that’s not the only thing that you can think about when it comes to this kind of area.
Michael: [28:07] Yeah, for sure. I mean having a cybersecurity policy is so important.
Brad: [28:14] Yeah.
Michael: [28:14] And then actually following the cybersecurity policy. And a huge part of that is training. The emails and other things that your employees are going to be touching in your technology on a day-to-day basis is, uh, going to be a huge risk if they don’t understand what, what safeguards you’re taking to, uh, protect your business.
Brad: [28:38] Absolutely. Well fans out there, this is all the time we have, but guess what? We have our last episode of the season next week, and when we drop our fan favorite when Rachel Walker, Dr. Rachel Walker, plastic surgeon, comes in and drops some serious knowledge about her story and the impact it’s had, uh, starting a business. Thanks again for joining us today. And remember, if you like this episode, please subscribe. Make sure to give us a five-star rating and share with your friends.
Michael: [29:07]You can also sign up for the ByrdAdatto newsletter by going to our website at byrdadatto.com.
Outro: [29:14] ByrdAdatto is providing this podcast as a public service. This podcast is for educational purposes only. This podcast does not constitute legal advice, nor does it establish an attorney-client relationship. Reference to any specific product or entity does not constitute an endorsement or recommendation by ByrdAdatto. The views expressed by guests are their own, and their appearance on the program does not imply an endorsement of them or any entity they represent. Please consult with an attorney on your legal issues.
