I recently wrote an article for Law Technology News on How to Defend Against a Data Breach. In the article I talk about how technology choices can have a huge impact on corporate risk. From a legal perspective, I advocate greater involvement in technology decisions in order to mitigate risks and understand the impact of these technologies on the ever changing regulations that must be balanced.
Whether you’re corporate counsel, in a legal department or are in a C-level position, these are hard times to be a legal professional. We must balance internal pressures to adopt technologies which advance efficiency, and profitability, but these same choices open up many attack vectors that can put the organization at risk.
In the article I discuss some of the real-life situations that sound like modern fiction, but which unfortunately are not. Such as the fact that the malware used to attack Target Corp., The Home Depot and other large scale breaches of the year was made by a couple of teenagers in Russia. Sounds like a bad science fiction plot, but it’s been an unfortunate reality for these corporations.
Cybercrime is estimated to cost the worldwide economy as much as $575 billion, and governments are being pressured for not just a response but a fix. Coming out of this is a flurry of legislative and regulatory activity, which we saw here in the US first with HIPAA. This year Congress has shown a renewed interest in enforcing cybersecurity by passing numerous bills awaiting presidential approval. Abroad, more legislative shifts are taking place.
How does this impact us as legal professionals? My advice is to:
- Not relinquish responsibility for technology decisions to the IT department
- Ask questions when you don’t understand a technology
- Not accept the word of the people you’re supervising; do your own research
I share more thoughts on the role of legal professionals in technology decisions in my full article here.