Unfortunately, the world of Cybersecurity never takes a
breather, and that makes it harder for everybody in the industry to keep up
with all that is happening. This is
exacerbated by the sheer number of Ransomware
attacks that are occurring literally on a daily basis.
Even as I go through the news headlines every day, the
number of attacks that continue to rise is really jaw-dropping. In all honesty, I have never seen anything
like this before. But anyways, if you do
ever find yourself to be a victim of such a circumstance, you need all of the
people that you can muster up to be on your side to get things moving once
again.
Often, the members of the Incident Response (IR) Team come
to mind, but there is also one key ally that you cannot forget but is often
overlooked: Your attorney. While they may not be a Cyber specialist,
they can for sure help guide you and your company completely through the legal
mess that you may encounter. So, how do
you make your attorney a part of the team in this regard? Here are some key tips:
*Involve your attorney from the outset:
While there is no need to bring in your attorney on a daily
basis for everything you do, at least meet with him or her on a bimonthly or, at
a minimum, a quarterly basis to keep them informed of what is going on with
your Cybersecurity efforts. That way,
not only will they be informed, but they will be able to act quickly to help you
out should the need ever arise (which will hopefully never be the case). Also, by keeping them informed, your attorney
will feel that they are a part of your team as well.
*They can help you get extra resources:
If your company is ever hit by a security breach, obviously
your first concern is to bring back your mission critical processes as quickly
as possible. Pretty much everything else
seems to fall to the wayside. Although
this is a normal, human reaction, you need to be thinking about the aftereffects
of it as well. This is where once again
your attorney can help out. For example,
many law firms also have a dedicated attorney that actually specializes in
Cybersecurity. With that in mind, he or
she can help you get a forensics team up and running, in order to discover what
really happened. Also, they will be
planning how best to combat the negative publicity that could arise, and also
mapping out a strategy to inform law enforcement at the local, state, and
federal levels. He or she will also help
you deal with regulators, auditors, and even your insurance company if you file
a claim.
*The drafting of legal contracts:
When dealing with the fear and angst over what has happened
to you, you will also need to sign contracts with other third-party vendors to
help you recover. Since you may not have
a clear head at the time, you could be signing something that you may never
even read in its entirety. But no need
to despair. This is where once again
your attorney will be your best friend.
As you are putting out the fires, your attorney will read through all of
these kinds of contracts, and even sign off on them, if you have given them the
permission to do so. Depending upon the
relationship that you have with him or her, they can even help vet the third-party
contractors that you may need in order to serve your best interests.
*The world of lawsuits:
Unfortunately, after you have been hit with a Ransomware
attack, the finger pointing starts almost immediately. It’s one thing when this happens internally,
but externally, it could be a disaster for you.
This is where the lawsuits come in.
Even though you may have taken the best efforts to keep all of the
stakeholders (especially your customers) updated of what is going on, there is
still a strong probability that you could face a lawsuit, or even multiple ones,
from either a criminal or civil standpoint (or even both). This is where once again your attorney can
literally become your savior. The moment
the first lawsuits start to come, he or she will be on your defense, in an
effort to avoid any costly litigation, by coming to some settlement
agreement. You may not in the end face a
lawsuit, but when it comes to this, it is always best to have an attorney, as
this is one area where you do not want to go at it alone.
*Provide advice as to what can be shared:
In the digital world that we live in today, anything can go
viral in just a matter of seconds, if it is an explosive enough topic. This is not where you want to be. In other words, although you want to be open
and honest in all of your communications, especially when it comes to external
stakeholders, you want to be very careful in what you say and what you let your
employees say. You need to walk that
fine line of not giving out too little or too much information. For example, you have to be very careful in
what is given out, especially when you are conducting your forensics
examination. Obviously, you do not want
to let the Cyberattacker who preyed upon you do it again. Once again, this is where your attorney can
be of great help. They can provide all
of the advice that you would ever need in terms of what should be shared with
the public. And if you don’t feel
comfortable publicly talking about this, then you can even ask your attorney to
do this as well, or even hire a reputable Public Relations (PR) firm.
*Avoiding the jaws of the data privacy laws:
Before COVID-19 hit, the talk of data privacy laws such as
the GDPR and the CCPA was taking center stage. But once the pandemic hit, all of this
ceased, because the world was dealing with a far worse situation. But now as the bulk of the population (at
least here in the United States) has been vaccinated, and things are returning
to some sense of normalcy, the fears of audits and fines are starting to come
back. Depending upon the background that
your attorney possesses, he or she can also help you to develop a strategy when
it comes to dealing with regulators if you are ever audited. They may even be able to recommend to you a
specialized Cyber compliance team to further assist you in this regard.
My Thoughts On This:
Well, here are some key reasons why you really need to have
a good attorney on your Cyber team.
True, it may not be a cheap option, but the expenses here could very
well pale in comparison to what the true costs of a security breach could bring
you. Keep in mind also that if you
cannot afford a regular attorney, you can even hire one on a virtualized basis
as well, on a fixed-term and fixed-price contract.
This is very similar to the vCISO. But whichever option you choose, try to get
an attorney that has a decent Cyber background.
While he or she may not have to have conducted a Pen Testing exercise,
they should at least know what it is about in order to give you sound legal
advice for both the short and long terms.