Cybersecurity and Data Privacy Planning Series: Identifying the Risks

June 29, 2017

By: Thomas M. Sullivan and Craig R. Smith

Lando & Anastasi, LLP was proud to organize, moderate and participate in a recent Association of Corporate Counsel – Northeast (ACC-Northeast) program on “Cybersecurity Strategic Planning.” This program provided practical solutions to threats against your data, privacy, and trade secrets. The panel provided insights and recommendations on how to prepare and implement a cybersecurity and data privacy plan. The panel was moderated by Thomas M. Sullivan, Partner at Lando & Anastasi, and included an interactive discussion among the following cybersecurity and data privacy experts:

  • Hugo Teufel, III – Senior Counsel for Global Privacy, Raytheon (and former Chief Privacy Officer, U.S. Department of Homeland Security)
  • David Doggett – Senior Director of Cybersecurity and Network Infrastructure, Schneider Electric
  • Gareth Tungatt – Chief Underwriting Officer and Co-Founder, Ascent Underwriting, part of the Lloyds Syndicate
  • Craig R. Smith – Cybersecurity and Litigation Partner, Lando & Anastasi, LLP

Our cybersecurity and data privacy team will feature a series of articles on the key takeaways from the program. Topics include Identifying the Risks; Planning; Jurisdiction; Employee Training; Competitive Differentiation; and Third-Party Risks.

This first part of our series summarizes why Cybersecurity and Data Privacy should be critical issues for all organizations.

As is readily apparent from daily news reports, no organization is immune to the risks of a cyber-attack or data privacy incident. Corporations, non-profit organizations, and government agencies are all potential targets. Sophisticated hackers are not just targeting large companies; they are also looking for vulnerabilities among small to mid-sized companies, especially vendors and suppliers of larger companies. The recent hack of a Netflix vendor is a prime example. In that case, hackers stole unreleased episodes of “Orange is the New Black” by attacking a vendor that performs post-production work for Netflix.

Many businesses understand that cybersecurity is important, but do not view it as a strategic threat to their business. As a result, companies do not dedicate sufficient time and resources to identifying and mitigating the risks. Corporate management must understand the risks and be part of the team assembled to prepare for and address cyber threats. Participation at the highest levels of the organization emphasizes the importance of planning and prevention and enables deployment of the necessary resources.

Companies should not wait until an attack has occurred to evaluate their systems and protect them from being compromised. Creating and implementing a cybersecurity plan is an important first step to assessing a company’s risks and ensuring that security incidents are either thwarted or detected and promptly addressed. Risk mitigation is the goal of a good cybersecurity plan. There is no reasonable way to lock down all your data, but you can put in place the proper protections, monitoring tools, and recovery resources to mitigate the risk.

Every organization should identify its own cybersecurity and data privacy risks and begin planning for an inevitable attack. In the next part of this series, we will discuss the need for a cybersecurity plan and how to prepare it.

Contact us for more information on this panel discussion and any cybersecurity and data privacy issues.