Braden Perry Discusses the Marriott Data Breach with MPI
Braden Perry, a regulatory and enforcement attorney that works in areas of novel and emerging technology with a financial focus, was featured in Meeting Professionals International (MPI) article on the Marriott data breach. “Vendors have a lot of data,” Perry said. “When it comes to supply chains, it is critical to monitor and review your vendors and to mitigate any excess entry points into the system. Following critical data and the data stream can identify areas where more monitoring is required and can also minimize undetected intrusions. While it is impossible to prevent all intrusions, having a cyber policy that identifies weaknesses within the supply chain and enhancing security/monitoring will lessen the risk of landing on the ever-increasing list of companies breached.”
As a former enforcement attorney at a federal agency and Chief Compliance Officer of a financial firm, Perry assists companies in the implementation of technology, including privacy, cybersecurity, and breach management. With breaches accelerating, Perry has seen increased understanding of the importance of cyber security at the top tiers of organizations and on their boards—though there is room for growth.
“The main pain point from IT is the need for the latest resources to keep a company safe,” he says. “Many companies don’t upgrade their information security systems enough, and the technology to breach critical systems is advancing much faster than company security. The board must understand the issues, and the potential harm to a company if a breach occurs. Having a sophisticated board, not only in business, but in today’s cyber and IT security, is a must to understand the issues and protect the company.”
“Finally, the regulations need to be pliable enough to survive the everchanging technology, something which the government does not do well,” Perry said
Kennyhertz Perry assists clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen.
We assist clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required for compliance with state and federal privacy and security laws, and information security best practices; information security policies; records retention and management policies.
In addition to prevention, Kennyhertz Perry can prepare security incidence response procedures, identify, assess, contain, and mitigate privacy and security breaches, and work with law enforcement to assist in the investigation of the incident. Businesses that are the victims of cyberattacks also must determine when and how to cooperate with government agencies during investigation of an attack, and how best to do so. The lawyers in our privacy and cybersecurity practice, as well as members of our Government Enforcement practice group have deep experience, from both government and private practice, in this area, and help companies navigate the often complicated interactions with government agencies, and can provide both counseling and representation where the threat of prosecution may arise.
Kennyhertz Perry also assists with IT resiliency understanding and engaging at the top management and board level. Traditionally, IT has been misunderstood, and management would not understand the role and responsibility of IT departments. Kennyhertz Perry bridges this gap at all level. At the Board level, directors not only need to be sophisticated with business issues, they also need to be versed in today’s cyber and IT. Translating an understanding of the importance of a proactive IT security policy, and feeling like the company is “on board” with IT security efforts. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand. IT is different. It’s a different language for a business person, and unfortunately most Board members will ignore or defer on issues they don’t understand. So when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded. This can lead to a reactive plan only that focuses on the “when” as opposed to prevention. IT is a different language. We serve as Board IT/cybersecurity liaison to be the “go between” and translate the IT language into business and vice versa.
Braden Perry is a litigation, regulatory and government investigations attorney with Kennyhertz Perry, LLC. Mr. Perry has the unique tripartite experience of a white-collar criminal defense and government compliance, investigations, and litigation attorney at a national law firm; a senior enforcement attorney at a federal regulatory agency; and the Chief Compliance Officer/Chief Regulatory Attorney of a global financial institution. Mr. Perry has extensive experience advising clients in government inquiries and investigations, particularly in enforcement matters involving emerging or novel issues. He couples his technical knowledge and experience defending clients in front of federal agencies with a broad-based understanding of compliance from an institutional and regulatory perspective.
Kennyhertz Perry, LLC is a business and litigation law firm representing clients in highly regulated industries. The firm was founded by two veteran Kansas City attorneys, John Kennyhertz and Braden Perry. To learn more about the firm, visit kennyhertzperry.com.