As we reported last week, Judy Selby has joined BDO Consulting from BakerHostetler to build up the company’s cybersecurity and cyber-insurance practice. As a managing director of technology advisory services for BDO Consulting, she will help companies address cybersecurity risks and transfer those risks through insurance.
The value of insight is rarely doubted, but when it comes to company data, an enterprise’s knowledge is often ambiguous at best. While many IT departments have attempted to rectify company practices, tech habits that can vary significantly from employee to employee often render organizations vulnerable to security breaches, illegal behavior and compliance violations.
The day two plenary session at Legaltech New York, “Mitigating Risk with Information Governance and Insight,” brought together some of the best legal minds at the intersection of information governance (IG) and law in effort to shed light on how crucial it is for enterprises to develop a greater understanding of the data they possess. [Read more…]
Given that boards can be sued following a cyberbreach, board members need to prioritize cybersecurity and establish a culture of security awareness throughout the organization, according to Judy Selby, partner at Baker Hostetler and co-leader of the firm’s information governance team.
Boards Need to Prioritize Cybersecurity
David Johnson had just finished meeting with a cybersecurity consultant about beefing up the company’s protections when he learned the servers had been hacked.
As general counsel of Global Cash Access, a company that manages cash on hand for casinos, Johnson was highly concerned about protecting the company servers: Literally, millions of dollars were at stake. Hiring a consultant to sniff out vulnerabilities had been the first step taken by the company’s new senior vice president of IT, and everyone at the meeting had agreed the consultant should take the next few months to see if he could penetrate their computer system. [Read more…]
Editor’s Note: The author of this post is a fellow at CodeX: The Stanford Center for Legal Informatics.
By Monica Bay, Fellow, CodeX: The Stanford Center for Legal Informatics.
Think you don’t need cyber insurance? Think again.
Big Law is a big target for cyber thieves, experts warn. For starters, law firms are viewed by criminals as low-hanging fruit — because firms are perceived as having “relatively lax security as compared with their sophisticated corporate clients,” said Roberta Anderson, a partner at K&L Gates, and co-founder of the firm’s Cyber Law and Cybersecurity practice group.
Big Law firms have treasure troves full of the exact kind of data that sophisticated cyber criminals seek: protected, personally identifiable information and protected health information. On top of that, “law firms typically are a repository for valuable corporate data, including intellectual property, such as patents and trade secrets, information about important M&A activity, and other sensitive data,” said Anderson. [Read more…]
“Employees are at the root of most cyber breaches” said Judy Selby, Partner of BakerHostetler LLP while moderating “The Weakest Link: Employee Practices Around Cybersecurity” panel at Legaltech in early February. Selby was joined by Gamelah Palagonia, Founder of Privacy Professionals, Amy DeCesare, AVP, Litigation Management, Allied World and Xenia Ley Parker, principal of XLP Associates.
With recent breaches in the press, we tend to focus on technology, however these events mostly happen because of employee behavior. It could be as simple as a well-meaning employee sending business documents home to work over the weekend, or because an unprotected laptop was stolen, or because an email was forwarded to the wrong person. Breaches can also occur maliciously by disgruntled employees as well. [Read more…]