Following recent high-profile cyberattacks involving SolarWinds, Colonial Pipeline and others, the White House issued a memo to executive business leaders urging companies to take immediate actions to help protect not only companies themselves, but also customers and the broader economy. The memo follows the Executive Order signed by the President in May that was intended to strengthen the federal government’s cybersecurity defenses.
Among other recommendations, the White House memo urges businesses to adopt the five best practices outlined in the President’s Executive Order, including multifactor authentication, endpoint detection, endpoint response, encryption, and a skilled, empowered security team. In additional to operational and technical matters, this Jenner & Block memo includes a couple of helpful reminders for legal teams:
Importance of a Multi-Functional Team: Cybersecurity and information protection are broad efforts encompassing many different skills within a company. Legal counsel should be included in the team to advise about the application of relevant laws, regulations, and policies, and to prepare for potential litigation and enforcement actions.
Importance of Legal Privilege: Companies should consider how to maximize the application of legal privilege to internal factfinding efforts that are designed to address potential legal exposure from cybersecurity and data protection rules.
Recently, Deputy Attorney General Lisa Monaco also spoke up about increased risk of ransomware attacks, urging disclosure and cooperation with the FBI. This CNBC piece provides a summary of her remarks.
– Lynn Jokela