IDENTIFYING AND PREPARING FOR PRIVACY AND CYBER SECURITY RISKS

Cyber attacks have become big business for threat actors and companies are working hard to be prepared. At the same time, privacy regulations are changing and increasing, and enforcement of privacy laws is similarly on the upswing. As companies use more sophisticated technologies, like artificial intelligence and biometrics, their cyber security risks and privacy compliance obligations increase.

The Federal Trade Commission (FTC), for example, has emphasised to companies that it will be looking closely to see if companies are taking care to avoid discriminatory outcomes, using correct datasets, and otherwise using artificial intelligence in fair and equitable ways. In other words, companies should not be using it to engage in unfair and deceptive practices in violation of the FTC Act.

The European Data Protection Board (EDPB) has issued similar cautions to companies. Meanwhile, organisations know that threat actors are looking for opportunities to exploit technical vulnerabilities. Phishing attacks, ransomware demands and other cyber crimes are on the rise.

In light of these risks, what can companies do? There are four key steps that every company can implement to prepare – and remain vigilant – in this increasingly risky world.

Acknowledge that not all risks are the same

Companies faced with potential cyber attacks or trying to prepare for constantly changing laws will often jump immediately into action. Those actions include updating policies, implementing operating procedures to execute on those policies, strengthening internal controls and auditing compliance. These steps are of course helpful, and many are required by law. Often, though, they may help only with preventable risks.

Jul-Sep 2021 Issue

Sheppard Mullin