Cyberattacks continue to increase in scale and severity. Hackers have targeted companies in every industry and of every size, as well as government agencies, state voting systems, news organizations and political parties.
Some experts now say there are two types of companies: those who have been attacked and those who don't know they have been attacked. And as each high-profile breach brings the threat of regulatory scrutiny, damaging publicity and financial losses, protecting their company's information and technology systems is a top priority for in-house counsel.
Hackers, whether they are independent or funded by nation-states, have become more sophisticated, conducting operations that can last for months or even years. Realizing they can no longer simply conduct triage, plug the leak and return to business as usual, smart companies are spending millions on cybersecurity measures. But do they have the necessary plans and best practices in place to prevent an incursion – and to deal with one after it happens?
For example, employee training and governance measures are a key, but often overlooked, step in preventing cybersecurity breaches. Even companies with solid security systems can experience a breach if a single worker misplaces a laptop or if an employee with an axe to grind leaks key information. Companies can take actions such as putting strict confidentiality obligations in all employment contracts, providing regular training to employees and ensuring employees are aware of the organization's policies covering IT security, whistleblowing and the disciplinary procedure for breaching obligations around confidential information.
The importance of policies like these will be discussed at an ethics CLE program for early arrivals at DLA Piper's 2016 Global Women's Leadership Summit. To fuel an interactive discussion on preparing for cyberattacks, the program will include DLA Piper's film, In A Flash (A Lesson in Cybersecurity). The film depicts a fictional corporation dealing with a pair of cyberattacks and related issues, including cybergovernance, cyber-risk management, security protocols, incident response plans and corresponding legal and regulatory environment issues. The program will also address the delicate balance required in managing internal investigations, reporting requirements and stakeholder interests.
We look forward to leading an engaging discussion on issues facing general counsel in the cybersecurity arena, alongside our fellow speakers, including Sarah Morgenthau, Deputy Assistant Secretary for the Private Sector Office at the Department of Homeland Security.
Stefanie J. Fogel is co-chair of the DLA Piper Food & Beverage Sector, focusing her practice on multi-national food and consumer product regulation and compliance, food and consumer product recall response, corporate compliance, and commercial, class action and multi-plaintiff litigation. She is also co-founder and co-chair for DLA Piper's National Leadership Alliance for Women (LAW) Program.
Stasia Kelly is co-managing partner (Americas) of DLA Piper and a member of the firm's Global Board and Executive Committee. As co-chair of DLA Piper's Global Governance and Compliance practice, she counsels boards of directors, in-house legal teams and executives on issues related to their governance and compliance programs and crisis management. Stasia is on the leadership committee of DLA Piper's Leadership Alliance for Women and serves as a mentor to a number of the women lawyers at the firm.