publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1031816
46 WWW.ILTANET.ORG | ILTA WHITE PAPER MARKETING TECHNOLOGY Security: A Shared Responsibility between Marketing, IT and Aorneys » Do your contracts have built-in recourse in the event of a security incident through carefully drafted indemnity rights and carve-outs from limitation of liability? » Does the service provider have appropriate cyber-liability insurance, and what are the limits on such coverage? » Is the service provider required to assist in transferring data back to you in the event the service agreement terminates? » Is there a retention and disposal clause? » Consider requiring the third party to not only indemnify you, but also cooperate with any pending litigation or investigation. If you find that your vendors don't have the same security rigor that you do, we suggest you part ways. Risking a breach, and your reputation, isn't worth holding onto unsecure third-parties. 6. Rinse and Repeat. As mentioned before, security is an ongoing process. The effort is never done, and the goal is always to continue improving. Revisit your audits, access, and processes regularly, and make changes as necessary. It also doesn't hurt to bring in a neutral party to help you uncover vulnerabilities you're not objective or savvy enough to uncover. Finally, develop an incident response and recovery strategy so that you're prepared in the case a data breach does actually occur. It's important that everyone understands and is comfortable with their role in the strategy. To help with this, practice executing a handful of mock scenarios throughout the year. You can't always prevent an aack from occurring, but you can prepare everyone at your firm to react in an optimal and timely fashion, reducing the collateral damage and expediting a resolution. With cyber risks ever evolving, security must be a shared effort and tackled through a comprehensive strategy that lives, breathes and improves over time. As your firm's digital footprint grows (and it should), think about how you'll continue to keep security top-of-mind for everyone at your firm. ILTA identities, or uncovering confidential information, the ultimate goal here is to dupe the user into sharing information they otherwise wouldn't. Demanding Ransom: Once armed with the sensitive information or access, hackers often like to use it as leverage for something bigger. In an example that hits very close to home, hackers successfully executed a ransomware attack on a large global law firm last summer, preventing the firm from accessing its data and crippling work and revenue for weeks – a firm's worst fear. Blocking Legitimate Traffic: Hackers aren't always trying to gain access to something you wouldn't want them to have. Sometimes blocking a firm's access to its clients, prospects, people, or other legitimate traffic can be just as damaging (or even more). In the fall of 2016, hackers infamously targeted Dyn, a cloud-based DNS provider with many high-profile clients – including Netflix, Spotify, and Twitter – crashing thousands of sites that used the company to manage their domain name system. ERIN ILLMAN As a partner at Bradley, Erin Illman co-chairs the firm's Cybersecurity and Privacy Practice Group. Erin is designated as an ANSI Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals and serves on the North Carolina Bar Association's Privacy and Security Committee. She regularly advises clients on GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws, as well as privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations and counseling clients on a variety of e-commerce, electronic marketing, digital contracts and security issues. Erin received her J.D. from the University of Alabama School of Law and her B.A. from the University of North Carolina at Chapel Hill. Erin can be reached at eillman@bradley.com. C O N T I N U E S O N N E X T PA G E