Back in January, I gave my list of essential issues for in-house counsel to pay attention to in 2021. One of the items I listed was “phishing.” Unfortunately, I was right to highlight it. Phishing has been a hot topic in 2021. More alarming, however, is that phishing’s good buddy ransomware has become an even bigger issue for in-house lawyers. In the first half of 2021, ransomware attacks are up over 148% (with more attacks than the last ten years combined!). The average ransom is now $200,000-$300,000 (with demands now exceeding $10,000,000.00) and businesses are down an average of 21 days whether they pay the ransom or not! I don’t know about you, but being down for three weeks and getting stuck with a $300,000 bill to access my data would be a real problem for most companies. To make matters worse, bad actors are getting more and more sophisticated, looking for new ways to gain access to corporate information systems. The good news is that there are things you can do now as in-house counsel to help your company prepare for and limit, or even prevent, a ransomware attack. Proactive in-house counsel is valuable in-house counsel, so taking steps now is an excellent way to demonstrate the value of the legal department. This edition of “Ten Things” walks you through some of the steps you can take to mitigate the damage of a ransomware attack:
As in-house counsel, you have probably been asked the following question by a panicked (or at least pretty stressed-out) CEO or CFO: “What are we doing about data privacy? Are we okay?” You likely have a good answer, or at least the start of one. Still, your answer may be as open-ended as the question and you can feel overwhelmed by the sheer amount of information on the topic. I know that you want to read another article about data privacy about as much as you’d like to have a safe dropped on your head. But, don’t stop reading. This will not be an overly-detailed discussion about all of the nuances of the issue or a list of regulations and laws of multiple countries (though those discussions are valuable). This edition of “Ten Things” will set out the essential things you need to know about data privacy — key points that you can focus on as you work through or oversee data issues for your company.