Nearly all businesses confront data risks. Data security includes not just the obvious concepts of confidentiality and integrity, but also availability, and is of critical importance. According to a recent Forbes magazine article (For Financial Institutions, Cyberthreats Loom Large), the cost of a data breach in the financial sector was $5.72 million, while ransomware payments in the US reached $590 million in the first half of 2021. Unless the business of your organization is actually data security prevention and mitigation, you should be empowering your staff to make the best decisions and fund the technology that will ensure data security. We can help identify areas where companies have failed to employ best practices and subjected themselves to lawsuits, which can come from shareholder derivative lawsuits, as well as consumers.
The staff that you employ or contract with to manage your information technology is the most critical element to your data security. They stand between your data and the hackers who will relentlessly attack your system and try to steal your data or ransom it. The IT personnel should employ techniques and use software and hardware that evolve to meet the threats and risks that are constantly emerging.
Federal law creates a duty to take reasonable steps to mitigate known software vulnerabilities. Among other legislation, the Federal Trade Commission Act ( and the Gramm Leach Bliley Act come into play when vulnerabilities are discovered and exploited and risks of a loss or breach of personal information results. Recently, the FTC issued a warning to companies that use Log4j, a Java logging software that is commonly used to record activities in a wide range of systems in consumer-facing products and services. The warning stated that Log4J had a serious vulnerability that was being exploited by a set of attackers and that the FTC would use its full legal authority to pursue companies that failed to take reasonable steps to protect consumer data. This is just one recent, poignant example of laws that Grant | Shenon are familiar with and can help you decipher and comply with. We regularly advise clients on issues of data security prevention and mitigation and can defend data security breach cases.
As a law firm, where everything we do is highly confidential, we dove into mitigation strategies headfirst, with software and training of staff as special focal points. Our information technology professionals (attorneys don’t do tech, but they hire the best!) provide upkeep to our modern operating system, complete with a system recovery plan. They rely on up-to-date hardware with integrated security features, continually monitor for network intrusions and malicious events, and transitioned us to multi-factor authentication.
Our lawyers have experience in state and federal courts in experience across the board. Many of us have also served in organizational management with experience in managing information technology staff and can help clients with a variety of needs in enterprise risk management, cybersecurity, technology and internet law.