Friday, December 29, 2017

CYBERSECURITY AND THE LAW - A PRIMER : CHARLES JEROME WARE, LLC, ATTORNEYS & COUNSELORS

www.charlesjeromeware.com             "Here to make a difference."

Unfortunately, neither the law nor technical countermeasures have completely caught up with the numerous cybersecurity risks that are present in our society. Cybersecurity has become a major concern in so-called industrialized and technology-sensitive countries and societies. Individuals, companies, and even countries now have to worry about cybersecurity risks.

There are developing laws that govern the steps that potential or actual victims of Internet intrusions can take in response to those intrusions. Some of these laws deal with liability for computer intrusions, both for the perpetrator and the victim. Executive agencies, too, have been more active in promulgating standards and bringing regulatory enforcement actions relating to cybersecurity practices. Generally, U.S. government network providers must be more diligent in handling special cybersecurity issues, and more cautious, since monitoring may implicate the Fourth Amendment.

Regardless of whether the issue is law or technology defenses, cybersecurity is only as good as the weakest link, and all too often that link is people. To ensure a safer environment, there are a number of processes that should be implemented for security purposes:

(1) Create a formal security policy and procedures for yourself, your office or your home.
(2) Educate your employees, partners and family members.
(3) Test and practice your incident response plan.
(4) Keep your software up-to-date.

It is said that by the year 2020, 99% of the computer vulnerabilities exploited will continue to be ones that security and IT professionals have known about for at least one year.

Be very careful and follow these suggestions:
(1) Designing security into your software is a good first step.
(2) Use access control to limit access to your devices to the fewest people possible.
(3) Encryption is frequently called the backbone of cybersecurity strategies. Encryption is the process of making data unreadable through the use of algorithms to create complex codes.
(4) Security information and event management (SIEM) software and services, a combination of security information management (SIM) and security event management (SEM), provide real-time analysis of security alerts generated by applications and network hardware.
(5) Data loss prevention (DLP) software or strategies will help ensure that people do not send critical or restricted information outside the company network.
(6) A firewall, either in hardware or software, or in a combination of both, is a network security system that uses rules to control incoming and outgoing network traffic and prevent unauthorized access.
(7) Get an intrusion detection system (IDS), which is intended to detect network or system attacks in progress and to assist in post-attack forensics.
(8) And, of course, get good antivirus (AV) software to detect and destroy viruses.

1 comment:

  1. Thanks for sharing this informative post with us. There was such great detail when you were explaining each point. Have a great rest of your day and keep up the posts.
    Lawyer Philadelphia
