Protecting your Digital World: Data Security Essentials

Event Information

Date(s):

Jan 15, 2025 - Jan 30, 2025

Time:

1:00 PM - 2:00 PM

Location:

Online

CAE Credits:

4

Member Price:

$148.00

NonMember Price:

$199.00

Description

The Protecting your Digital World: Data Security Essentials program focuses on bringing awareness to issues on cybersecurity for associations.

Join us to learn about bringing awareness of issues relating to cyber security, and the consequences of any incident, to the attention of senior executives (business leaders, board members and senior managers); a review of the key regulatory issues, from GDPR to US individual states / proposed federal regulation; who, in an organization and in relationships between organizations, is responsible; and the need for Data Due Diligence when dealing with 3rd parties, whether in contract negotiations, M&A or investment, leading on to the necessity and advantages of developing a WISP: Written Information Security Program.

The four sessions include:

January 15th, 2025 1-2pm EST
Session 1: Staying Calm in a Cyber Crisis

January 16th, 2025 1-2pm EST
Session 2: What next for Data Privacy?

January 29th, 2025 1-2pm EST
Session 3: The 3rd party supply chain risk

January 30th, 2025 1-2pm EST
Session 4: Cyber and Data Due Diligence in the 3rd party supply chain

Accessibility Features

This program provides professional live captioning by 3PLAYMEDIA. If you require ASL or additional accommodations, please let us know at Learning & Meetings to request specialized accommodation for this program.

  • Agenda

    • January 15th, 2025 1-2pm EST

      Session 1: Staying Calm in a Cyber Crisis

      In the current environment of daily data breaches and cyber attacks, The TrustBridge offers a live, interactive session, at which attendees will hear real life examples of what can go wrong, what has worked well, what remains uncertain when dealing with the inevitable data breach or security incident, and steps to take to mitigate risk.
      During these events, a panel of industry leaders, cyber experts and legal professionals will step through a cyber incident simulation, involving a membership company and a sponsor who conduct a joint marketing campaign. This is based on a “fake” organization which is under attack. We will examine the scenario, the response and give real-time perspectives from the viewpoint of forensic investigation and mitigation, legal, cyber insurance, and law enforcement considerations.
      These workshops, aimed at senior executives in the Association world, will help prepare them to understand the risks, so if the worst happens, they can learn what decisions will need to be made whilst under pressure, their consequences, how to determine priorities, how to recover and, perhaps more importantly, what not to do.
      But above all, how to mitigate risk and what to do to protect your organization against such attacks.
      No organization is immune, not-for-profit or for-profit: according to recent statistics, 66% of organizations say they had been affected by a cyberattack within the past year.
      The data held by all membership organizations, conference centres and hotels, sales companies and retail outlets is all valuable to someone; not least the organization that “owns” it. It is often personal information of individuals, so it should be protected at all costs.

      Join us for this session as we provide templates and a blueprint of what data to look at by product, how to address competitive analysis, and how to fill gaps in data that is lacking.

      January 16th, 2025 1-2pm EST

      Session 2: What next for Data Privacy?

      Trust is the driving force behind the major shift that is taking place in the world of private data that affects all organizations dealing with and interacting with residents, members, and specifically all aspects of online and digital activity.

      The data economy of the future demands a bridging of the trust gap that exists between the member and the organizations with which they interact, requiring greater transparency, responsibility and accountability from these organizations, who need to demonstrate that they are

      • Authentic
      • Trustworthy
      • Socially responsible

      There are 3 key drivers:

      • Regulatory
      • Technical
      • Commercial

      In the future we will see GDPR as the turning point in data privacy regulation. As “data subjects” become more aware of data breaches and incidents, they are becoming more aware of what data is available for possession, how it is used and the value it has.

      GDPR has set a high standard. It states that privacy is a human right.

      Data Protection is a key element of governance and as such, senior executives are responsible; it should not be delegated to an IT manager or a junior.

      Every person involved with the running of an organization, including volunteers, should be made aware of their responsibilities.

      10 key things to take into consideration

      1. Master Your Data Universe – what, why, where and who
      2. Risk Assessment Adventure
      3. Policies and Procedures
      4. Do not be Overconfident
      5. What is your Third-Party Supply Chain Shield
      6. What is your Data Sharing Strategy
      7. Cross-Border Compliance Navigator
      8. EU / UK Representation
      9. WISP Compliance Check
      10. Comprehensive Data Protection Training

      January 29th, 2025 1-2pm EST

      Session 3: The 3rd party supply chain risk – and introducing the WISP

      As we know, the online world is filled with cyber threats. Every week we hear reports of massive data breaches. Research shows that over 60% of IT security breaches occur via a Third Party. Meanwhile, the number of third parties that companies are doing business with is increasing, and with it the sharing of an organization’s sensitive and confidential data.

      Most organizations use 3rd parties somewhere.

      As organizations of all sizes become more dependent upon Third Party data processors to manage and process their most critical information, understanding the key policies, security practices, and other key controls their suppliers use to protect this information becomes critical to operational efficiency AND regulatory compliance.

      If you experience a data breach, or the data you are collecting is used for reasons outside those for which you collected it, you could start to lose consumer confidence and loyalty, as well as face costly penalties for violating data privacy regulations.

      It’s important to note that all suppliers pose a risk, because any data in the wrong hands could be exposed.

      Learnings:

      • Know your data flow
      • Check the suppliers / 3rd parties with whom you are dealing
      • Check their security protocols are robust
      • Ensure you have data sharing agreements in place

      January 30th, 2025 1-2pm EST

      Session 4: Cyber and Data Due Diligence in the 3rd party supply chain

      We have heard so many stories recently from companies who have received questionnaires, running to many pages, from their clients and/or prospective clients, asking about the Cyber Security and Data Protection safeguards that they have in place.

      This is a response to the fact that so many cyber attacks and data breaches originate in the 3rd party supply chain.

      In May 2021, President Biden issued a cybersecurity executive order aimed at protecting federal government networks and modernizing the nation’s overall cybersecurity. This executive order had 7 main elements:

      1. Enhancing threat information sharing
      2. Modernizing the federal government’s cybersecurity
      3. Enhancing software supply-chain security
      4. Cyber Safety Review Board
      5. Standardizing federal playbooks
      6. Improving detection on federal networks
      7. Improving investigative and remediation capabilities

      Learnings

      The key considerations when dealing with all suppliers:

      • Accepting that your supplier has good security practices, good data hygiene and that no breaches have occurred, is not enough.
      • No organization can afford to take on trust that any supplier has full control of their data and that they are compliant with existing and emerging regulations.
      • Clients and customers should see proof of security practices and controls, policies and actual processes from all organizations with whom they conduct, or intend to conduct, business.
      • All organizations should perform extensive technical due diligence to ensure their investment is wise.
      • Target organizations should be prepared or risk a reduction in valuation or cancellation of investment.

      This is not an issue which is going away and cyber / data privacy and protection is now seen as critical to all organizations.