Jim Middlemiss, Listed
A string of high-profile cybersecurity breaches has focused attention on an emerging challenge in the boardroom: are directors doing enough to ensure their companies are adequately protecting sensitive data and technology?
Adam Kardash, a privacy lawyer with Osler, Hoskin & Harcourt, urges boards to put in place an incident response protocol as part of an overall “robust network governance framework” that addresses cybersecurity risk.
“The response plan is critical when the cybersecurity incident occurs and you are in a crisis event. The plan outlines the core steps, at a very general level, that the enterprise will take to address the crisis and investigate it to contain whatever has occurred and establish immediate and long-term remediation.”
He says a cross-disciplinary team needs to be established, comprising senior management, information technology, legal, human resources, public relations, insurance, key vendors, forensics and people from core areas of the business. Law enforcement officials also need to be contacted.
He adds that the plan needs to be tested in advance of a real event. Little things can stymie it, such as the inability to reach a key person because of a lack of contact information. “Once you’re in a crisis, all bets are off. You have to have information at your fingertips.”
Reprinted with permission from the Fall 2014 edition of Listed magazine, published by Tully Media Inc.