Privacy in practice: Responding to daily cyber threats sharpens Polsinelli tech team

Editor’s note: The following content is sponsored by Polsinelli PC but independently produced by Startland News.

We see the fallout nearly every day.

Another company, government or celebrity that’s been technologically compromised, prompting officials to scramble on how to best calm customers, citizens and stakeholders.

And when you lead one of the nation’s top cybersecurity law firms, you’re bound to see some frequent action, said Greg Kratofil, chair of Polsinelli’s Technology Transaction and Data Privacy Practice.

Greg Kratofil, Polsinelli

“We get about two to three incident responses a day now,” Kratofil said. “They range anywhere from lost or stolen laptops to ransomware, wire fraud and foreign national phishing attacks.”

Since July, the Kansas City-based law firm has helped recover a whopping $12 million for its clients, Kratofil said. Many of the plots are wire fraud schemes relying on targeted email phishing techniques that learn a company’s internal processes to make the attacks seem reputable, Kratofil said. If Polsinelli can get access to the incident within the first 72 hours, its team has a chance to recover the stolen money, he added.

As these malicious maneuvers grow more sophisticated, so too does the need for a more experienced response team that can mitigate damages, Kratofil said.

“When addressing technology transactions, clients need legal counsel familiar with both technology and the industry-specific issues and regulations,” he said. “Polsinelli differentiates from other law firms through its focus on combining deep technical understanding and industry expertise with a client-centric business growth approach.”

To educate clients on the business implications and risks around cybersecurity, Polsinelli conducts mock security threats, called “tabletop breach exercises.” In such exercises, Polsinelli attorneys facilitate a fake security breach exercise that will require clients to quickly access incoming threats.

After a threat is detected and analyzed, Polsinelli attorneys help clients establish response strategies and think both short- and long-term on how such actions could impact their organization, Kratofil said.

“The process of testing the preparedness is paramount,” he said. “Sitting down with a client and presenting them with a scenario and having them practice the response helps substantially.    Like anything, you need to practice to be good. You can’t just put a plan together and say you have it and throw it in a drawer. Clients need to practice their response so when the incident occurs the response is calm and second nature to them.”

To learn more, Startland News recently sat down with Kratofil to discuss Polsinelli’s tech and cybersecurity team.

Tell us about Polsinelli’s strategy with its tech and cybersecurity team.

Our mission is to provide clients with strategic guidance in the creation, acquisition, use, exploitation and protection of technology and data. … It is important to have a group of lawyers that are well-versed in technology contracting and the unique issues around technology, such as licensing, intellectual property, cloud-based delivery and service levels to just name a few. But when you combine those technology attorneys with lawyers that have strong knowledge of the industry and its regulatory environment, the result is the best legal advice for a client’s technology-related issues. It really takes both pieces.

In 2017, Polsinelli earned a spot on BTI Consulting Group’s Law Firms Best at Cybersecurity. What’s this distinction mean for the firm and its more than 30 tech-focused attorneys?

Kansas City’s information security industry is probably better known outside of Kansas City than locally. Our group has a history of working with some of Kansas City’s top information security companies. Polsinelli’s Privacy & Cybersecurity Practice leveraged this experience when several years ago we started to take the expertise we developed in representing information security companies and turned it outward to help clients with their privacy and information security needs. Today, we do have one of the top privacy and cybersecurity practices in the country. This area includes some of the top healthcare privacy attorneys in the country, including three former attorneys at the Department of Health and Human Services’ Office of Civil Rights — one of which is the most recent acting deputy director and senior advisor for HIPAA compliance and enforcement. We are very good at pre-breach counseling, but we were missing the incident response piece.

What industries does this tech group focus on?

While the group works in a number of industries, there are three core practice areas that our group is especially well known on a national basis: financial tech, healthcare tech and privacy and cybersecurity. All three areas are very hot right now.

How does the tech group handle new laws, such as European General Data Protection regulations and California’s new Consumer Privacy Act?  

These laws put substantial obligations on companies around security and their use and protection of consumer data. We expect some of the first enforcement actions from GDPR to happen before year’s end. Our team has two European privacy lawyers that are dual licensed and dual citizens of U.S. and European Union countries, who along with other GDPR experts, are extremely busy. A good resource to point people to is the Polsinelli on Privacy & Data Security blog.

Does Polsinelli work with any blockchain or cryptocurrency companies?

Polsinelli has one of the top FinTech practices in the country, especially around digital currencies and blockchain technology. Our group represents online payment systems, digital wallet providers and trading platforms with lawyers that speak all around the world on the latest developments. … Companies and investors interested in the cryptocurrency space should definitely seek out knowledgeable counsel. There is a lot of misinformation out there and a lot of potential state and federal regulatory pitfalls. Enforcement and regulation in this area will definitely increase this next year.