Cybersecurity Basics in an Ever-Connected World

Data and privacy are increasing concerns in today’s business environment. Many states and foreign governments have passed legislation that attempts to address some potential risks existing in our hyper-cyber environment. Recently, on December 13, 2020, cybersecurity firm FireEye detected that the SolarWinds’ Orion Network Management Products were compromised by a foreign-state sponsored cyber-espionage intrusion. This wide-ranging campaign impacted many government entities, from federal to local agencies, and private businesses utilizing the Orion software across multiple industry sectors.

Organizations are often responsible for implementing commercially reasonable cybersecurity protections, with obligations arising under laws, industry standards, and contracts.While the incident mentioned above is sophisticated and the related investigation ongoing, this incident and others have made clear that there are relatively simple steps each and every organization can take today to help mitigate cybersecurity risks and strengthen defenses.

Many cybersecurity attacks or intrusions seek to exploit vulnerabilities that exist in every organization, namely individuals and technical vulnerabilities. In order to harden these universal vulnerabilities, an organization should conduct a cybersecurity audit and risk assessment, preferably annually and, if possible, through a third party.

A cybersecurity audit can take many forms but, at its basic level, should cover the following:

  • Documenting and confirming current hardware (any not decommissioned) and installed software (even if unused);
  • Examining current organizational policies relating to the security practices, both physical and digital;
  • Examining data flow across the organization – What data is acquired by the organization? Where does the data go? Who has access? How is the data retained? How is the data disposed?
  • Reviewing technical frameworks relating to the foregoing.

By understanding its cyber assets (both hardware and digital), an organization can better analyze its risk in the cyber world.

Contact An Attorney

A cybersecurity risk assessment helps an organization understand the role of cybersecurity in its day-to-day operations and impact its business model. A risk assessment should include technical, operational, and executive personnel. The risk assessment should include discussion of the following:

  • Threats to the organization – based on industry, organization, personnel, etc.;
  • Vulnerabilities in the organization – digital infrastructure, environment, etc.;
  • Probability of an event occurring; and
  • Impact on organization if an event were to occur.

The risk assessment gives the organization the opportunity to understand its exposure and the implications cybersecurity has on day-to-day operations. The industry an organization operates in and its own complexity can change cybersecurity expectations and requirements.

The first step in implementing a cybersecurity and privacy compliance framework is understanding how these issues fit within the organization as a whole. Software and tools can help strengthen an organization’s cybersecurity defense; however, organizational awareness, deliberation, and buy-in across all levels can assist in taking cybersecurity protection to the next level.

For questions regarding cybersecurity, contact the author Justin Molitoris at jtm@barrettlaw.com or  (260) 423-8859.  

Barrett McNagny LLP

Legal Disclaimer

The information contained in the Barrett McNagny LLP website is for informational purposes only and should not be considered legal advice on any subject matter. Furthermore, the information contained on our website may not reflect the most current legal developments. You should not act upon this information without consulting legal counsel.

Your transmission and receipt of information on the Barrett McNagny LLP website, or sending an e-mail to one of our attorneys or staff, will not create an attorney-client relationship between you and Barrett McNagny LLP. If you need legal advice and want to establish an attorney-client relationship with Barrett McNagny LLP, please contact one of our attorneys by telephone, email, or other means of communication, and allow the attorney to confirm that the firm does not represent other persons or entities involved in the matter and that the firm is willing to accept representation. Until such confirmation is provided by one of our attorneys, you should not transmit information to us that you consider confidential. If you do provide information to us, and no attorney-client relationship is established, the information will not be considered confidential or privileged, and our receipt of such information will not preclude us from representing another client in a matter adverse to you.

Any links to other websites are not intended to be referrals or endorsements of those sites.

Privacy Policy

Terms of Use

ADA Compliance

Contact Us
Hello,
My name is
 
and I am a(n)
seeking legal counsel in the area of 
.
Please
me at
as soon as you can.

Thank you for contacting us!

A representative will be in touch with you shortly.

An attorney-client relationship will NOT be formed merely by sending an email to Barrett McNagny, LLP or to any of its attorneys. Please do not send any information specific to your legal needs until you obtain approval from a Barrett McNagny, LLP attorney, as the content of such email will not be considered confidential or privileged. By sending us an email, you confirm your understanding of this notification. If you agree, you may use the e-mail links on this page to contact an attorney.
YesNo