Saturday, September 11, 2021

6 Ways In Which Your Attorney Can Be Your Cyber Best Friend

 


Unfortunately, the world of Cybersecurity never takes a breather, and that makes it harder for everybody in the industry to keep up with all that is happening.  This is exacerbated by the sheer number of Ransomware attacks that are occurring literally on a daily basis.

Even as I go through the news headlines every day, the number of attacks that continue to rise is really jaw-dropping.  In all honesty, I have never seen anything like this before.  But anyways, if you do ever find yourself to be a victim of such a circumstance, you need all of the people that you can muster up to be on your side to get things moving once again.

Often, the members of the Incident Response (IR) Team come to mind, but there is also one key ally that you cannot forget but is often overlooked:  Your attorney.  While they may not be a Cyber specialist, they can for sure help guide you and your company completely through the legal mess that you may encounter.  So, how do you make your attorney a part of the team in this regard?  Here are some key tips:

*Involve your attorney from the outset:

While there is no need to bring in your attorney on a daily basis for everything you do, at least meet with him or her on a bimonthly or, at a minimum, a quarterly basis to keep them informed of what is going on with your Cybersecurity efforts.  That way, not only will they be informed, but they will be able to act quickly to help you out should the need ever arise (which will hopefully never be the case).  Also, by keeping them informed, your attorney will feel that they are a part of your team as well.

*They can help you get extra resources:

If your company is ever hit by a security breach, obviously your first concern is to bring back your mission critical processes as quickly as possible.  Pretty much everything else seems to fall to the wayside.  Although this is a normal, human reaction, you need to be thinking about the aftereffects of it as well.  This is where once again your attorney can help out.  For example, many law firms also have a dedicated attorney that actually specializes in Cybersecurity.  With that in mind, he or she can help you get a forensics team up and running, in order to discover what really happened.  Also, they will be planning how best to combat the negative publicity that could arise, and also mapping out a strategy to inform law enforcement at the local, state, and federal levels.  He or she will also help you deal with regulators, auditors, and even your insurance company if you file a claim.

*The drafting of legal contracts:

When dealing with the fear and angst over what has happened to you, you will also need to sign contracts with other third-party vendors to help you recover.  Since you may not have a clear head at the time, you could be signing something that you may never even read in its entirety.  But no need to despair.  This is where once again your attorney will be your best friend.  As you are putting out the fires, your attorney will read through all of these kinds of contracts, and even sign off on them, if you have given them the permission to do so.  Depending upon the relationship that you have with him or her, they can even help out to vet the third-party contractors that you may need in order to serve your best interests.

*The world of lawsuits:

Unfortunately, after you have been hit with a Ransomware attack, the finger pointing starts almost immediately.  It’s one thing when this happens internally, but externally, it could be a disaster for you.  This is where the lawsuits come in.  Even though you may have taken the best efforts to keep all of the stakeholders (especially your customers) updated on what is going on, there is still a strong probability that you could face a lawsuit, or even multiple ones, from either a criminal or civil standpoint (or even both).  This is where once again your attorney can literally become your savior.  The moment the first lawsuits start to come, he or she will be on your defense, in an effort to avoid any costly litigation, by coming to some settlement agreement.  You may not in the end face a lawsuit, but when it comes to this, it is always best to have an attorney, as this is one area where you do not want to go at it alone.

*Provide advice as to what can be shared:

In the digital world that we live in today, anything can go viral in just a matter of seconds, if it is an explosive enough topic.  This is not where you want to be.  In other words, although you want to be open and honest in all of your communications, especially when it comes to external stakeholders, you want to be very careful in what you say and what you let your employees say.  You need to walk that fine line of not giving out too little or too much information.  For example, you have to be very careful in what is given out, especially when you are conducting your forensics examination.  Obviously, you do not want to let the Cyberattacker who preyed upon you do it again.  Once again, this is where your attorney can be of great help.  They can provide all of the advice that you would ever need in terms of what should be shared with the public.  And if you don’t feel comfortable publicly talking about this, then you can even ask your attorney to do this as well, or even hire a reputable Public Relations (PR) firm.

*Avoiding the jaws of the data privacy laws:

Before COVID-19 hit, the talk of data privacy laws such as the GDPR and the CCPA was taking center stage.  But once the pandemic hit, all of this ceased, because the world was dealing with a far worse situation.  But now as the bulk of the population (at least here in the United States) has been vaccinated, and things are returning to some sense of normalcy, the fears of audits and fines are starting to come back.  Depending upon the background that your attorney possesses, he or she can also help you to develop a strategy when it comes to dealing with regulators if you are ever audited.  They may even be able to recommend to you a specialized Cyber compliance team to further assist you in this regard.

My Thoughts On This:

Well, here are some key reasons why you really need to have a good attorney on your Cyber team.  True, it may not be a cheap option, but the expenses here could very well pale in comparison to what the true costs of a security breach could bring you.  Keep in mind also that if you cannot afford a regular attorney, you can even hire one on a virtualized basis as well, for a fixed term and priced contract. 

This is very similar to the vCISO.  But whichever option you choose, try to get an attorney that has a decent Cyber background.  While he or she may not have to have conducted a Pen Testing exercise, they should at least know what it is about in order to give you sound legal advice for both the short and long terms.
