Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central. This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it!
Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding.
As the risk of breaches increases, boards – whose role when they oversee the CEO is to act as fiduciaries on behalf of shareholders – are increasingly at risk of falling short of their responsibilities. While board members are not expected to be experts on information security, they must make sure that the company has the right people and processes in place to erect defenses against information security violations, to establish procedures for monitoring the level of information security, and to make sure that the right steps are taken should a security breach occur.
Santarcangelo interviews Peter S. Cohan in this article and shares additional insight that all directors, CEOs, and CISOs need to understand about each of their respective roles in this process. Take the time to read this article.
New York’s Cybersecurity Regulations went into effect on March 1, 2017, and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And they require direct involvement by the Board of Directors. Is your company ready?
In my latest Ethical Boardroom article, I explain:
how these Cybersecurity Regulations can impact businesses of all sizes, in all industries, and all around the world,
what specific steps regulated companies must take to be in compliance with the Cybersecurity Regulations, and
what these Cybersecurity Regulations mean for nearly all companies.
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.
The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the original Cyber Patriot, Paul Ferrillo, to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better
Paul and I are both firm believers in focusing on the basics, so that is all you really need to know to make you want to read the article. Beyond that, I’m not going to spoil it here by giving away all of the answers, but here are some of the topics that Paul explains in more detail in the article:
What are the biggest mistakes companies make when it comes to thinking about and executing on a cybersecurity plan?
Why companies have trouble communicating about cybersecurity issues.
What companies can do to improve their communications.
Whether boards are getting better about cybersecurity issues.
Where companies are falling short in training employees about cybersecurity.
How companies should think about cybersecurity in the new Trump administration.