Companies need to take immediate action to implement a layered defense to safeguard sensitive data. CISOs are already under immense pressure to protect their organizations. The stakes are only getting higher with ransomware attacks continuing to inflict devastating outcomes, such as the exfiltration of sensitive data, increased extortion costs, and reputational damage. And with CISOs at risk of being held personally liable for a damaging breach, the urgency has never been greater.
To adequately protect themselves, their companies, and their customers, CISOs must insist upon stringent data protection standards with all third-party and supply chain partners, notably the law firms that represent them. Law firms have incomparable access to confidential information, making them prime targets for cyberattacks. Law firms must demonstrate rigorous data protection governance, implement proper granular data protection solutions, and follow cybersecurity best practices to ensure data is properly safeguarded.
“Having competent and reasonable measures to safeguard confidential client information is critical. As is ongoing and open communication with clients about the best process to assess all risks and implement protections. Companies need to know that their law firms have active, ongoing governance to guide and own responsibility for data protection,” explains Dimitri Nemirovsky, COO of Atakama.
Raising the stakes even higher, the Federal Trade Commission and State Attorneys General are increasingly threatening significant fines and personal consequences for senior decision-makers in the event of data security failures. Take, for example, the Drizly case, which resulted in substantial penalties against the company and its then CEO, who faces a 10-year “backpack” requiring him to implement a comprehensive information security program and establish security safeguards at future companies.
Pressure is also intensifying from insurance providers that require security attestations and evidence that technology and procedures are watertight.
“It does not matter how big or small a business you are, there is an expectation with a start-up or a law firm, that you are going to employ reasonable data security,” adds Kathleen McGee, Partner, Lowenstein Sandler, and former regulator and Bureau Chief of the New York Attorney General’s Bureau of Internet and Technology.
The U.S. Securities and Exchange Commission is also set to release new rules that will impact the way publicly traded companies manage and disclose cybersecurity incidents to their shareholders. For example, companies will be required to disclose a cyber incident in a Form 8-K four days after learning of the incident and determining its materiality. There is no time to delay; the time for organizations to prepare is now.
Those that reassess their defense strategies and take swift and appropriate action to fortify them will put themselves in a more tenable position. A layered approach that includes implementing advanced technology, such as Atakama’s multi-factor encryption, will help to ensure that even the most sensitive data is fully safeguarded and potential attacks are mitigated.
To learn more about Atakama’s data protection expertise visit: www.atakama.com