First Responders, Specialists, and Partners: Cybersecurity Collaboration at the Leaders in Law Forum
By Kate Hutchinson, Director of Marketing, CDS
On June 29th, the Leaders in Law Institute Forum “Tackling Digital Asset Risk in the Electronic Age” brought together experts from the areas of corporate law, government investigations, and cybersecurity to discuss how different lines of business can work together to minimize risk to company data. Effective cybersecurity must be collaborative in nature, and speakers underscored this point throughout the program. Below are some of the key messages from the program that will help you get started collaborating with your colleagues on cybersecurity.
- The impact of data breaches continues to grow exponentially. Kathleen McGee, Chief of the Bureau of Internet and Technology at the Office of the Attorney General of the State of New York, shared startling statistics on data breaches. In 2016, personal data belonging to 1.6 million New Yorkers was exposed, an increase of three times over the prior year. In New York, section 899-aa of the General Business Law mandates that people must be notified when their personal data has been breached. Some of these breaches are the result of improper security measures on the part of firms, and the Office of the Attorney General is actively pursuing cases where private data has been treated negligently. One such case cited during the program pertained to an improperly secured internet job application portal that left the Social Security numbers of applicants open to theft.
- Companies should consider what types of data they need to collect, as well as how it is segmented and stored. In the above-mentioned case involving the improperly secured job application portal, one of the factors that led the Attorney General to pursue the matter was that the company did not need to collect Social Security numbers that early in the candidate screening process. If the management team had been more thoughtful not only about properly storing this data but about collecting it in the first place, the situation could have been avoided.
- The definition of what constitutes “private data” is constantly changing based on cultural and social norms. As people become aware of how much of their data is being collected and held by third parties, there is an increased call for appropriate security measures. The difference between what is considered private data in the E.U. vs. in the United States is just one example of this type of shifting definition.
- Cybersecurity is a business continuity issue, not just a compliance issue. During a panel conversation, CDS’s eDiscovery Counsel Matthew Knouff pointed out that recent attacks demonstrate how security breaches can cripple business operations. The WannaCry and Petya ransomware attacks in June 2017 locked down thousands of computers worldwide, showing how quickly a data breach can impact business operations even in the largest firms. Developing an incident response plan that ties to business continuity plans is essential.
- Incident response plans are not “one size fits all.” Data breaches come in all shapes, sizes, and severities. Carolyn Rice, Chief Information Security Officer at SONY Music Entertainment, suggested that organizations should have different incident response plans to address different types of data breaches. She also underscored the importance of identifying “cyber first responders” – the team of employees who will act together when an incident occurs. This team will be a combination of IT experts, legal professionals, and others who will work rapidly to contain the threat and communicate with affected parties.
While cybersecurity threats are ever more numerous, the professional teams who address them continue to grow in sophistication.