Insights from a Recent Panel Discussion of In House Counsel
By: Cara Lemire, Vice President, Sales & Marketing, Sandline Global
In a recent panel session on data privacy and cybersecurity, industry experts delved into strategies for protecting sensitive information and mitigating cyber risks. The key takeaways from the discussion offer valuable insights for organizations aiming to improve their cybersecurity preparedness.
Robust Data Mapping and Integration
One recurring theme was the importance of robust data mapping and ensuring you know where data resides. This data mapping exercise is to be a living, breathing system and should be integrated into your privacy approach.
Seek Funding and Get Board Support
The panelists acknowledged challenges in obtaining internal funding and emphasized the need for strategic conversations with the right stakeholders. Getting Board attention is pivotal, as they have the broader view and can mandate organizational changes. Additionally, board members can be individually liable for lapses.
Break Down Silos
Breaking down organizational silos emerged as a crucial strategy. Risks are often enterprise-level, and the panelists emphasized the importance of executive management and board support in creating a cybersecurity-aware culture.
Comply with Regulations
The discussion touched on various cybersecurity regulations, emphasizing that while standards aren’t about achieving perfection, adherence to regulations is essential. Additionally, when responding to regulations it is often easy to see the common threads between different regulations. For example, specific regulations such as NERC CIP-005-7, NIS 2 directive, and TSA SD02c were highlighted for their common focus on multi-factor authentication.
Readiness and Best Practices
Preparing for cybersecurity events requires a proactive approach. Protecting intellectual property, client data, and personal information necessitates honest self-assessment and regular tabletop drills to ensure preparedness becomes second nature. The discussion highlighted the need to be wary of over indexing on ransomware threats and the importance of understanding the full spectrum of potential cyber threats.
Additionally, if you’re breached, you need to ensure that you respond in an appropriate fashion. While legal should be involved, ensure that IT and InfoSec are also involved to help communicate with the technical outside vendors who are assisting with breach response.
The panelists stressed that cybersecurity is a business problem, not just a legal or risk management issue. Organizations treating it solely as a legal matter risk going out of business due to mishandling subsequent breaches.
Lessons from SolarWinds
The SolarWinds case was referenced as a cautionary tale, emphasizing the importance of a well-vetted support team for incident response. Waiting until an incident occurs to identify partners such as ransomware negotiators or cyber forensic firms is akin to trying to assemble a fire brigade during a blaze.
The panelists encouraged organizations to adopt a solutions-oriented mindset. In the face of a cybersecurity incident, focusing on solutions rather than dwelling on the problem is key. Additionally, focus on staving off future breaches. Many brands can survive one breach if they respond appropriately, but you cannot survive multiple breaches.
As cyber threats continue to evolve, staying ahead requires a multi-faceted approach that combines technological measures, regulatory compliance, and a cultural shift towards cybersecurity awareness. The insights from this panel discussion serve as a valuable guide for organizations seeking to navigate the complex landscape of data privacy and cybersecurity.