
Your Legal and Compliance Team Needs Cybersecurity Prevention

Posted by Jeff Pelliccio on Dec 6, 2017 9:00:00 AM

In ICS insights

Businesses hiring in-house attorneys and compliance officers need candidates who can do more than simply understand, interpret and implement specific industry laws and regulations; they also need to be prepared to meet today’s cyber-security challenges head-on. Cyber threats impact more than just the IT department; legal and compliance staffers play key roles in prevention, training and handling any potential fallout that can come with a breach or attack.

Looking back at 2017, businesses across industry lines were impacted by costly information security incidents. Here are four of the costliest attacks, and how they could have been prevented:

WannaCry Ransomware Attack

The WannaCry attack, which spread across the globe affecting computer users in more than 100 countries within 24 hours, was damaging and costly – to the tune of approximately $4 billion.

The attackers behind WannaCry sought to exploit a Microsoft Windows security vulnerability that Microsoft had identified and patched already. However, the cybercriminals knew that many individual and corporate users would likely be slow to install the security updates.

Having legal and compliance staff who could work closely with IT to verify users had installed the Microsoft patch right away could have limited the extent of the WannaCry attack.

Equifax Data Breach

The news over the summer that credit monitoring giant Equifax had experienced a massive data breach was a shock and a wake-up call to other businesses. An estimated 143 million consumers were affected, scrambling to deal with the news that their Social Security numbers, birth dates, addresses and even details like driver’s license numbers had been compromised and were potentially in the hands of cybercriminals.

Knowing the agency that was supposed to be guarding personal information was impacted by attackers should be a wake-up call for all businesses. While there is no guarantee that having more or different legal and compliance personnel on staff would have helped, it’s obvious that there was some sort of breakdown in policies and process that allowed the breach to occur. Hiring skilled legal and compliance staffers to interface with skilled IT professionals could help protect your business from being the next data breach news story.

Petya/NotPetya Ransomware Attack

Similar to the WannaCry virus, the Petya/NotPetya attack had a catastrophic impact on the businesses it affected, including FedEx and Maersk, who both estimated their lost earnings from the attack at a whopping $300 million.

The methodology behind this ransomware attack was similar to the WannaCry attack. Once the virus was on a user’s computer, it encrypted all of the user’s data, demanding payment before decrypting it. Just like WannaCry, users who had already installed the Microsoft security patch were not at risk. However, many businesses – including FedEx and Maersk – simply hadn’t been diligent about making sure individual computers were protected.

Washington State University Hard Drive Theft

Finally, a different sort of attack impacted Washington State University when an unencrypted hard drive that included personal information for about 1 million people was stolen.

While the first three attacks listed in this article were made possible by technology vulnerabilities, the Washington State University breach occurred because the physical hardware wasn’t secured.

Legal and compliance personnel usually play key roles in handling required state and federal government notifications, as well as notifying affected customers after data has been compromised. Because it’s impossible to completely prevent the loss or theft of hardware, having the right personnel on your team who can coordinate and handle required notifications can provide peace of mind knowing you’re meeting your obligations under the law.

Need Legal and Compliance Cybersecurity?

For an employer creating or adding to an existing internal legal or compliance department, understanding the risks of cybersecurity attacks is critical. When you understand the risks and know how legal and compliance personnel help protect your company from would-be attackers, you can make staffing decisions that can protect your company’s and its customers’ data.

If your company needs contract, temporary-to-hire or permanent workers for your legal or compliance departments, count on Infinity Consulting Solutions to help you find candidates with the skill sets you need. To learn more about how we help businesses, contact us today in any of our eight offices nationwide (New York, Washington, D.C., Fort Lauderdale, Chicago, Dallas, Houston, Minneapolis, and Denver). 
