With high-profile data leak and security cases like whistleblower Edward Snowden making national and international headlines, many enterprises are taking a strong look at their current IT policies.
Once exclusively the domain of IT, now nearly every department poses a cybersecurity threat more proactive measures need to be taken in nearly every post, including within the legal department. The topic was discussed deeply at the Women, Influence and Power in Law conference this morning during the panel “Cybersecurity and the Legal Department”
Talking about existing risks Vivian Maese, a partner at Dechert LLP, said that financial institutions specifically need to be critically aware of the loss of intellectual property, as a theft of information surrounding IP could lead to the loss of a market advantage to competitors. In addition to corporate competitors, nations like Russia and China are constantly attempting to steal trade secrets for economic gains, and also threaten the private data of corporation said Denise McWatters, senior vice president and GC of the HollyFrontier Companies.
With so many risks outside and in, the panel quickly shifted gears on what the risks are and into what you need to do once they’ve happened. Estela Valdez, general counsel at BROWZ, LLC, said: “I think the key to managing such an event, is to be prepared, so one of the things that I find a lot of companies are not prepared to do is to assess the kind of information you have across the company.”
Valdez continued saying that as an IC, one needs to be able ascertain how information is spread throughout the organization and physically where that information is. Knowing where the data lives will give legal departments a better understanding of the kind of information that could have potentially been compromised, when a breach occurs.
Regardless of when a breach happens and what sensitive information is leaked, the key to mitigation and remediation is having a communications plan. Wanji Walcott, managing counsel of American Express, and session moderator likened a breach to a crime scene, explaining that when something goes wrong people shouldn’t be rushing back in to fix the system because it could damage important evidence. If a strong communication plan is in order to alert the necessary parties, you’re less likely to damage evidence and more likely to gain information to prevent attacks in the future.
Obviously the risks and strategies to employ when dealing with cybersecurity don’t end there but attendees were treated to a lively discussion about the perils and possibilities of this emerging topic.