Three Most Commonly Asked Questions on Cybersecurity and Privacy

What advice do you have to avoid cyberattacks?

Many of our clients themselves provide cybersecurity services to other businesses. They often remind us that a little common sense goes a long way. We encourage our clients to not only have formal policies governing use of company IT resources, but also to have regular formal and continual informal training. We collaborate with IT vendors to ensure that our clients’ users are aware of just how sophisticated phishing and other cyberattacks have become and what can happen if just one user on a large network clicks on a malicious link.

What do you recommend if a business is a victim of a cyberattack?

Cyberattacks have consequences ranging from ransomware and total data loss to little more than restoring a small amount of data from a backup. One common characteristic, though, is they almost always involve other people’s data. We encourage our clients take immediate action to determine what data was affected, what data might have been affected, when the attack began and whether the attack is continuing, and what their legal and contractual responsibilities are with respect to owners of the affected data.

We enjoy good working relationships with law enforcement agencies who also specialize in this area, and we often serve as a liaison between our clients and them.

How do you advise businesses on their privacy obligations?

Data and privacy laws are regularly enacted and amended to keep up with changes in technology. We generally start by asking our clients to keep these factors in mind:

• What data do they have?
•  Where did it come from?
• Where and how is it stored?
• How is it accessed, and by whom?
• How is it transported inside the business and from the business to its customers and vendors?

The answers to many of these questions form the basis for both internal data handling policies and the privacy policies users see on most websites.