WindTalker Blog

“General Counsel Thirsty for Learning Better Methods of Cybersecurity Compliance Programs”

Posted by WindTalker, Inc.


Sue Reisinger reported in Corporate Counsel that, “As Cyberattacks on Business Grow, General Counsel Are 'Thirsty' for More Details.” This is great news! When a profession is thirsty for details – for knowledge - solutions follow, and in the typhoon of cybercrime happening today, thirst for solutions is exactly what is needed.

Let’s take a step back and remember this: only four decades ago, there was no cybercrime. None. According to GooseVPN, “there was no real cybercrime until the 1980s. The first person to be found guilty of cybercrime was Ian Murphy, also known as Captain Zap,” back in 1981. He hacked ATT to mess with its internal clock so that users could make free calls at peak times. And from there, a world with hacking, breaches, and ransomware was launched.

Today, cybercrime is one of the most prolific forms of crime and criminal enterprise in the world, with bad people and hostile foreign actors, putting passé stuff like John Dillinger’s bank robberies to shame.

Shocking statistics can be found daily and has General Counsel coming forward -- talking, worrying, inquiring, and desperate to know more and how to better protect their organizations.

In the article, Laurel Rimon (Senior Counsel at O’Melveny & Meyers, and veteran DOJ/Assistant U.S. Attorney/GC for Inspector General for Homeland Security/former ADD of Enforcement Consumer Financial Bureau) says she speaks with GCs and CCOs regularly.

According to Ms. Rimon, the consensus is that the sharing of information within companies and organizations can be improved. “Sharing information is always a challenge, but there is a much stronger emphasis now on making sure different silos in the business are talking to one another.”

Organizations are adopting ever stronger compliance plans, iterating and reiterating new ideas and new technologies designed to improve security while enabling collaboration, by making certain the best systems possible are budgeted for, adopted, and vigorously put in place. Protocols, software, strong ongoing internal and external education, good practices are all the linchpins of robust, effective cyber and information security.

Michael Zweiback (noted cyber attorney specialist, and former Ass. U.S. Attorney cyber/intellectual property crimes) commented that “sometimes the simplest techniques can be the best.” By that he means the “old analog method of picking up the phone and actually verifying a transaction over a certain dollar amount” can be very effective.

And with that, we wholeheartedly agree. But information security requires so much more, because untold volumes of information are shared every day and only a few select data points can, as a practical matter, be verbally verified within the confines of a hectic multi-tasking modern world.

To a broader point, Mr. Zweiback advises that “General counsel needs to look at patterns of behaviour of their own personnel, and make sure they are not doing the easiest and most efficient thing electronically, while not actually talking to one another.”

While again we agree, often the easiest and most efficient electronic method might be best – particularly when easy, efficient, and innovative infosecurity software does the trick.

In his a recent speech, Kenneth Blanco, Director, Financial Crimes Enforcement Network (FinCEN) urged all GC and attorneys to “incorporate the innovative approaches being taken by financial institutions and others, in order to have the best and most actionable information [about cyber and infosecurity] available.”

Which leads to the quote that prompted this commentary, offered by Ms. Rimon:

“General counsel and compliance folks continue to be thirsty for more details” about cyber and info security compliance programs that will work for governmental and institutional compliance because “ it is frustrating for companies dedicated to compliance and who really want to provide meaningful information, when they are kept in the dark about what government is aware of. They need more insight.”

Topics: compliance, cybersecurity, General Counsel, Legal Technology, cybercrime, corporatelegal