Chicago’s Ken Suh, Senior Counsel in Locke Lord’s Privacy and Cybersecurity Practice Group, was quoted by Law360 on tools entities can utilize to protect sensitive information and what lessons can be learned following a ransomware attack targeting the city of Dallas. Suh explains, for any entity, baseline cybersecurity coverage includes basic data security methods like requiring employees to set up multi-factor authentication, encrypting sensitive data and having regular rotations on passwords.
“One of the most important actions entities can take is developing an incident response plan,” he said. "These documents are often very painful to produce because it really forces the organizations to say, 'Who has the authority to make these kinds of decisions? Who's getting that phone call that says, 'We need to know if we can authorize payments to law firms, payments to threat actors?' Who can authorize statements to the press? Who needs to review those things, what specific people are involved?"
Read the full Law360 article here (subscription may be required).
Sign up for our newsletter and get the latest to your inbox.