Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/129296
LAW DEpARTMEnT MAnAGEMEnT MANAGING CYBER RISK Should in-house counsel be asking more questions about the strength of their company's cyber systems and bringing the conversation to their department? By Jennifer Brown If they didn't have enough on their plate already general counsel are feeling the pressure to become more concerned about the risk of cyber-security threats to their organizations and they are starting to ask more questions about what they can do to help mitigate that risk. "Every company takes steps to protect their information — but there is an element out there that will utilize the resources they have to access information and it becomes that much more im36 • ju n e 2013 INHOUSE portant that we do everything we can to reasonably protect against that risk. It has become a higher priority item for us," says Robert Piasentin, general counsel for Vancouver-based Sierra Systems, an IT consulting firm. Chatter on this topic seems to be reaching a greater pitch. Consider U.S. President Barack Obama's reference to it in the State of the Union address recently, when he noted he has put forward an executive order to improve the nation's cyber security. With attacks on both private and government systems becoming more frequent, the goal is to try and focus attention on the problem. His message came a week after the Consero Group consulting firm revealed in its 2012 General Counsel Survey indicating 30 per cent of GCs they talked to said their companies were not prepared to defend against cyber attacks. In addition, 28 per cent said their companies had experienced a cyber security breach in the past 12 months. The Association of Corporate Counsel's survey of CLOs also listed "data breaches and protection" as one of the top issues keeping them up at night. Lou Milrad, of Toronto-based Milrad Law, can see why all this is bubbling up to the surface. He has been working with inhouse legal departments — especially municipal governments — in the area of cyber security for a number of years, in particular around mobile devices used and owned by employees for corporate work. He sees a communication gap between the IT teams and the legal department. "My big concern, quite frankly, is that the IT departments are not reaching out to the in-house counsel and making them part of the team that does the evaluations. There can be quite a few risks around breach of privacy, IP violations, and that kind of thing," says Milrad. "Consider things as simple as if an employee leaves and the corporation made a decision to use the employee's device — does it have the ability to do an audit or inspection of that device?" The numbers cited in the Consero survey actually sound low to Mike DuBose,