Electronic data is defining the business world, and with its benefits come many threats. Here’s how experts think organizations should protect against ransomware.
Given the ubiquity of digital platforms in use at organizations, cybersecurity is one of those topics that everyone knows about but struggles to apply in a way useful to their organizations. As Roy Zur, CEO of the cybersecurity provider Cybint, put it, there’s a difference between knowledge and skills, as “everyone can Google something.”
And as IT increasingly integrates with the rest of an organization, employees from all ranks are being asked to play their part in addressing cyber risks, paramount among them are legal professionals. While events like WannaCry and the Yahoo breach dominate the news and boardroom conversations, much focus still remains on what Shearman & Sterling counsel Jeewon Serrato calls “the technical side.”
“I think what most lawyers may take away from the news coverage is that this is an IT job. When they start talking about MS Windows patches and anti-encryption software, a lot of the lawyers might thinkthis has nothing to do with the legal departments,” Serrato said. “What follows after the immediate aftermath is [addressing] regulations and inquiries from different [government] entities and agencies and consumer lawsuits. That will be for the legal department.”
Serrato is one of a growing group of legal professionals advocating for lawyers to take a more active role in educating themselves on the cyber incidents for which they are increasingly. On June 12, Serrato will take her message to ALM’s LegalWeek West, speaking on a panel titled “The Emergence of Ransomware and Other Targeted Exploits: Prevention & Effective Response,” where she will focus on the legal liability questions that arise in the aftermath of a data breach, particularly a ransomware attack. Yet, she noted, there’s a role for the lawyer in prevention as well.
“I think there’s a lot the lawyer can do to help the company mitigate these types of threats on the preventative side,” Serrato said. “A main thing that I see legal having a role in is acting as a stakeholder in prepping an incident response plan.”
To continue reading: Legal Tech News