Tags: Cybersecurity | Hack | Passcodes | Risk

Your Computer Will Be Hacked, It's Just a Question of When

By Monday, 04 May 2015 05:23 AM Current | Bio | Archive

It's not a question of if your computer system will be hacked, but only a question of when it will happen.

In spite of all the emphasis on firewalls, passcodes, secret handshakes, and Congress passing cyber-security legislation, there is still a major financial liability risk when your computer system is holding someone else's financial, medical, or other valuable information and data.

The government may be your worst enemy in this regard. Under the Affordable Care Act all medical records are required to be electronic. The Foreign Account Tax Compliance Act, which will apply to every financial institution-and then some — in the United States mandates that the most intimate financial details and relationship are disclosed in the interests of full disclosure.

The government regulators are on a crusade when it comes to knowing everything about everybody. And every private detail of your life becomes a mere keystroke from being stolen for outside hackers or merely those inside.

If threats from the private sector aren't enough, of course the threat that some agency of the government may find it convenient to use your information for its own purposes, or against you, is not an unlikely scenario.

What happens if your system gets hacked and your client's or customer's or patient's or other's information gets taken?

What happens next is that your company and you get sued.

In KPMG's 2015 Global Audit Committee Survey, they assigned liability for cybersecurity/data pricy risks as 43 percent to the company audit committee, 40 percent to the full board, 7 percent to the risk committee, 4 percent to the technology committee, 3 percent to the audit, risk and finance committee, and 3 percent to other corporate committees.

It makes sense since those with the most likely deepest pockets will be, of course, the target.

Every industry is scrambling to find a solution to the growing recognition of this new and looming financial risk. Many are turning to the newest computer specialists in the cybersecurity industry.

While directly hiring the appropriate cybersecurity consultant is a prudent step, it could also be a bit of an otherwise avoidable legal trap. That is hiring a company to do an analysis of your cybersecurity system is required, but it also provides a road map for some plaintiff's lawyer looking for the tiniest of pegs to hand your company and you with liability.

I am of the view that all these cybersecurity contracts should be entered into by an outside law firm retained to provide legal advice on cybersecurity exposures and proper corporate governance.

Being up to date on the latest in technical computer law and regulations, especially on potentially international exposures, is very much for those lawyers who make it a practice focus.

As part of this work, it is vitally important for the law firm to retain the cyber security consultants to review the risks and exposures to the computer and other information systems under the auspices of the attorney-client and work product legal privileges.

This played out in the recent case of Genesco v. Visa where the court denied discovery requests for cybersecurity analysis, reports and communications on the basis that they were protected from disclosure under attorney-client and work product privilege.

What this decision does is highlights the importance of designating proper legal counsel as the ones having responsibility for guiding the company and its relevant committees on its key security risk assessments, overseeing any forensic investigations, and leading the responses should there be a data security breach of any kind.

Doing what is necessary to prepare for a cybersecurity breach and being able to effectively respond to mitigate risk exposure is going to be an added expense no matter what. It gets exponentially more expensive it is incurred after the event (and the battle has started) than before.

The smart and most conservative proactive approach for any business to take regarding its risk management of cybersecurity is to have the appropriate law firm take the lead, hire the required consultants, and have all reports, analysis, memos, plans and communications protected under the attorney-client and work product privileges.

© 2020 Newsmax Finance. All rights reserved.

1Like our page
The smart and most conservative proactive approach for any business to take regarding its risk management of cybersecurity is to have the appropriate law firm take the lead.
Cybersecurity, Hack, Passcodes, Risk
Monday, 04 May 2015 05:23 AM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

© Newsmax Media, Inc.
All Rights Reserved