By: Brian Egenrieder, CRO, SyncDog
Warren Buffet is quoted as saying, “It takes twenty years to build a reputation and five minutes to ruin it.” He’s right. Brand reputation is built by continuously providing internal and external stakeholders with top notch results on brand promises. Brand promises include protecting sensitive information like PII. For this reason, brand reputation is not only the concern of marketing and PR teams but also IT and legal teams.
One of the ways a company can find itself in hot water is by not securing the data it collects from customers. A growing concern with the protection of information is reflected by the increasing government regulations being put in place to ensure citizens’ data privacy.
Example – GDPR
GDPR is just over two years old and is the EU’s main privacy law which impacts any business interacting with European citizens, regardless if they have a physical presence there or not. The following seven points are the main principles of GDPR’s Article 5.1-2. Repercussion for violating any of these principles is a significant fine — “€20 million ($25 million) or 4% of annual global sales, whichever is bigger.”
Image Source: www.gdpr.edu/what-is-gdpr/
Legal’s Role in Cybersecurity
Key players in a company’s cybersecurity plan, implementation, and tools include the CISO (or CIO), IT team and legal team. Individuals in these roles need to conduct regular discourse to ensure the security tools being used by the company achieve all legal security requirements necessary to be compliant with applicable regulations. If the legal team is not part of this equation, there is room for error in selecting the most appropriate and functional tools.
Should a data breach, ransomware attack, or any other type of cybersecurity incident occur, the legal team will be critical for interfacing with local, national and international authorities, as required. Early notification of an incident can help the legal team more thoroughly prepare to navigate the company through the situation.
COVID-19’s Impact on Corporate Security
Since the onset of the COVID-19 pandemic and the swift shift to remote work, the concept of securing employees working from home has been a mainstream topic. Meanwhile, mobile security has been on the forefront of security professionals’ minds since the introduction of mobile devices. When employees work remotely, even doing something as simple as sending an email from a smartphone, they are expanding the company’s attack surface. The workforce transition forced by COVID-19 has brought to light the need for mobile security of employees’ devices, particularly in a BYOD environment, to a wider audience including company’s legal teams.
The Compliance Solution Legal Teams Need to Know About
One of the most challenging aspects of achieving compliance is finding the right combination of solutions. There is in fact a single solution that offers mobile security, easy user experience, fosters trust and transparency between employers-employees and helps achieve compliance with government data privacy laws. That solution is Secure.Systems.
Secure.System can be deployed remotely to your team’s mobile devices in a matter of minutes. The encrypted container creates a business environment on devices where popular productivity tools, like Microsoft Office Suite and Skype for Business, live and retain functionality similar to desktop versions. Secure.System essentially creates a ‘professional persona’ on employees’ personal devices, separating and protecting corporate and personal data.
Legal teams are always thrilled to learn that instances of Secure.Systems can be remotely wiped, without accessing or impacting the employees’ personal data. This is particularly helpful if a device is lost or stolen, in situations where third party contractors are temporarily onboarded, and if an employee is dismissed. Secure.Systems offers peace of mind to employers and employees alike.
To learn more about how Secure.Systems can be used by your company, and how it achieves compliance, get in touch with our team.
Note: The content of this blog is not legal advice and was not written by a legal professional.