Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Data breaches: Is your attitude about data security putting you and your company at risk?

What we fail to recognize is that the most significant threat is people making bad decisions because they have little knowledge about data security.

With all of the recent data breaches, the nervous jitters among those who have spent time ordering new credit cards or signing up for credit monitoring are no surprise. The possibilities of what might happen seem overwhelming and with no easy cure, action perhaps seems too daunting. 

The threats are daunting because we have for too long relied on others to make our online experiences safe. At home we might not see the need to install anti-virus software, use encryption, or set-up a secure Wi-Fi network. At work, we assume these are just issues for the information technology department.



What in the world is... "Information Governance?" 

Recent governmental guidance on data security: What in-house counsel needs to know

Proposed federal cybersecurity legislation

Cybersecurity and intellectual property: How protected are you?


What we fail to recognize is that the most significant threat is people making bad decisions because they have little knowledge about data security. Our collective reliance on someone else plus a defeatist attitude predicts failure. If we don’t think about security at home, then the burden of security protections seems unnecessary at work. 

We all need to do a self-assessment. Start with your passwords. Don’t use the same password or variations for multiple accounts. For mobile devices, choose six character passwords. For laptops or desktops, use a pass-phrase, which is akin to a complete sentence. The trick is to think of a quote from a movie, a line from a song, or pick random sentences from a book that you carry, or keep in your desk or on your bookshelf. Every password should change on a 90-day cycle.

Business owners need to gain an understanding of their legal obligations to protect company information — identify what you have, know where it is kept, and determine who has access. Document your security strategy, train your employees so they understand their roles, and develop a breach response plan identifying your first responders — those you will call on when a laptop is lost, a virus shuts down your servers, a terminated employee walks out the door with a gigabyte of data, or a cybercriminal hacks your system. 

Our advice — be proactive. Educate yourself and your employees about what steps each person can take to secure data. Start small like discussing proper passwords and identifying suspicious emails. Work with your employees expecting that a breach will occur and practice your plan on a regular basis making it more than just words on a page.  



Contributing Author

author image

Ian Ramsey

Ian is Stites & Harbison’s Chief Information Security Officer and Co-chair of the firm’s Privacy & Data Security Practice Group.  He is a Certified Information...

Bio and more articles

Contributing Author

author image

Sarah Spurlock

Sarah is Stites & Harbison’s Chief Privacy Officer, Co-chair of the firm’s Privacy & Data Security Practice Group, and a member of the firm’s Health...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.