Posted by Lucy Nash, Solicitor
Is cybersecurity keeping you awake at night?
We asked you to let us know what issues were keeping you up at night and the primary concern at the top of most of your lists was cybersecurity and the impact that an attack may have on both your organisation’s finances and reputation.
Cybercrime is an ever-increasing threat which evolves faster than most of us can keep up with. It is an aggressive act which has the potential to seriously damage an organisation of any size and in a number of different ways as criminals are not always seeking money.They may instead be targeting confidential data or simply hoping to irreparably damage an organisation’s reputation.
According to the Association of Corporate Counsel (ACC) Foundation’s ‘State of Cybersecurity’ Report which was published in April, 32% of the 600+ in-house counsel surveyed either currently work, or had previously worked, at an organisation that had experienced a cybersecurity breach in the past two years.
Among that 32%, it was reported that malware / phishing was the most common way in which the companies had been breached. Surprisingly, this was more prevalent than breaches caused by employee error, which was the leading cause in 2015.
Could it be that organisations have finally realised that employees are their weak point when it comes to cybercrime and therefore provided enhanced training on dealing with suspicious emails, for example, or are the cybercriminals just getting smarter?
What impact has the GDPR had?
It is clear that the GDPR has been a wake-up call for many organisations in the EU and beyond. The new legislation not only deals with data protection but it also illustrates just how seriously the regulators are taking cybersecurity.
The ACC Report highlighted that more than 40% of those who responded said they intended to re-visit their data security standards, procedures and incident response plans as a result of GDPR – that may be something to do with the significant penalties and fines that can now be imposed in the event of a breach!
Are you responsible for the data security and breach response policies and procedures in place within your organisation? If so, have you re-visited them since the GDPR came in to force? If not, our advice would be to act fast.
What can you, as an in-house lawyer, do to protect your organisation from the threat of cybercrime?
No matter what size, shape or industry your organisation is in, it is not immune from the threat of a cyber attack. As an in-house lawyer, we know that you are responsible for a significant number of matters – whether they are matters of law or not – and that cybercrime might not be particularly high up in your list of priorities.
However, the ACC report found that over two thirds of the respondents expect that their in-house legal role in cybersecurity will increase over the next year. As such, it is crucial that you are proactive in mitigating the risks by keeping up to date with the latest threats and best practices in order to protect yourselves and your organisations.
Our hints and tips:
- Be prepared! If you haven’t already done so, check your data security policies and procedures.Re-visit them regularly to ensure they are kept up to date
- Prevention is better than cure. Brief your management team on the importance of investing in prevention against cybercrime. It may be that more of the company budget needs to be allocated to this area
- Check your third party contracts.What are your termination rights in the event of a breach? Do they adequately provide for cybersecurity concerns or do they need updating? Do you audit those third parties before contracting with them?
- Check your staff training procedures.Is cybersecurity training mandatory? If not, consider whether it should be, along with testing at the end of training to ensure the message is clearly received
- Consider whether your organisation would benefit from a cyber response team. Would you know who to call if a breach occurred? Consider organising a mock breach event to see how your team handles it
- Check your insurance policy. Does it cover cybersecurity events?
Want to know more?
On 17 January 2019, we will be hosting a free afternoon workshop exclusively for members of our Grey Matters programme. If you haven’t already – save the date!
We will have a technical cybersecurity expert on hand to provide you with practical advice on how you can protect your organisations We will provide you with hints and tips on drafting the necessary policies, training your staff to be aware of the threats and how to respond quickly and efficiently in the event of a breach.
If you need any help with these issues in the meantime, please don’t hesitate to contact us on:
0800 051 8059 Email us