Ensuring that Legal Aspects of Cybersecurity Are Prioritized

​
The Legalweek conference in New York in early 2024 featured panelists discussing emerging cyber threats, as well as the complexities of staying abreast of the latest privacy rules and regulations. While the focus is typically on rules issued in the EU and United States, firms with an international presence also need to be aware of the all relevant regulation. As an example, Chile recently updated its cyber security regulations for the first time since the late 1990s.

This does not simply apply to independent law firms. Even in major corporations with dedicated legal teams, where staying on top of developments is paramount, recommendations by legal and IT staff can get lost in the shuffle and deprioritized. Messaging from multiple sources helps keep information security and compliance at the forefront, providing a constant reminder that cybersecurity is not a “set-it-and-forget-it” area.

Another aspect of this is ensuring that the mandatory privacy and security analysis of each feature request or development ticket is not treated as simply checking a box. Legal professionals must condition tech teams to work through potential impacts wherever they might occur, as it only takes one motivated and malicious hacker to extract and exploit a trove of privileged information. One way of encouraging such an approach is through tabletop exercises that run through potential risk scenarios and creatively uncover ways of making sure that they never occur. It’s also critical to translate legalese clearly to engineering teams, ensuring that personnel in different specialties are all on the same page.

Sal Rivera

Shop