Countless commentators have predicted that Cyber Security will be one of 2019's hottest business topics. While this prediction will prove true, the issue that really matters is - what are you doing about it? After a string of massive, high profile cyber security incidents in 2018, it's clear that threats will rise in 2019, plus the heated discussion over consumer privacy will pressurize the environment in which companies operate. It's a stressful time to implement cyber security, but that said, you can't afford to wait any longer.
Where to Start?
Businesses must approach cyber security with the right mindset, a mindset that views cyber security as a process that is continually assessed and improved. Businesses must not adopt a band-aid mindset toward cyber security, one that waits for bad things to happen only to patch them with a band-aid. The band-aid mindset turns cyber security into a game of whack-a-mole. In whack-a-mole, you react to what the game gives you. You have no control over which moles pop up. Is that how you want to feel about your company's and consumers' information?
Growing Cyber Security from the Inside Out
An introspective mindset means taking a hard look at your security practices at every level. Honest self-assessment is the beginning of true change. Notice that I said "every level". This isn't a purely technical assessment, something that only IT does. It's something that every department and every level of management must do. The company can't move forward as a whole unless it knows where each of its parts stand.
Cyber Attorneys are Key Drivers of Self-Assessment
Legal counsel is a key member of the assessment team. His broad interdepartmental perspective on the company, his deep understanding of its business processes, and his insight into corporate governance will all be assets. Moreover, it is critical that legal counsel be able to cross talk with IT, CIO's, and CISO's. In my opinion, if legal counsel can't effectively understand or translate what IT does into legal and business terms, he isn't fulfilling his role as cyber attorney.
This post is informational only. To fully understand how to leverage legal counsel to enhance your company's cyber security, it is best to consult legal counsel.