WASHINGTON, D.C.—After a number of high-profile commercial cyberattacks, business leaders are becoming increasingly aware of the need for a cybersecurity plan of action.
Womble Bond Dickinson Communications, Technology & Media lawyer Erin Fitzgerald discussed this growing need with the South Dakota Network LLC. She said failure to plan for cyber attacks can put a company and its board of directors in jeopardy.
“Company boards have a duty of care. They have a duty to the company that they serve. And they can be found to have breached that duty of care if they don't take sufficient action,” she said.
In addition, she said cybersecurity is a constant, ever-changing need, rather than something that can be addressed once and then forgotten. As online threats change, so, too, must the response, she said.
“You have to start, and once you start you probably won't stop. That's how it's got to be,” she said. Her cybersecurity best practices include:
- Develop a cybersecurity compliance plan that includes both an incident response and recovery process;
- Perform an annual cyber health check, and meet with senior staff to review any risks or issues;
- Realize that working with third-party providers that connect with the company’s network can bring about risks;
- Require all major data breach attempts to be reported to the Board of Directors – not just the successful breaches. Create a safe environment for reporting cyber attacks.
- Make sure that managers are informed of, and can communicate the company’s cybersecurity protocols;
- Ensure that a chief information security officer is reporting at an appropriately high level of the organization; and
- Verify that the company has adequate cyber insurance coverage.
Click here to read “Cybersecurity planning has evolved into a high-level duty” by the South Dakota Network LLC.
Erin Fitzgerald advises telecommunications carriers, broadband service providers, and technology companies on complex commercial and regulatory matters. Erin also serves as Regulatory Counsel to the Rural Wireless Association (RWA) and has extensive experience on issues regarding privacy/data protection, spectrum auctions, universal service, broadband deployment, data roaming, network neutrality, and wireless licensing. Erin advocates in rulemaking and policymaking proceedings on behalf of RWA as well as individual clients, and frequently appears before the Federal Communications Commission (FCC).