How To Build Out A Cybersecurity Program

In this short video, Tim shares his thoughts on cybersecurity and how to build out a program. He highlights identifying a champion within the organization outside of legal and staying informed on ever-changing laws.

Transcript

Question: What is your take on cybersecurity? How do you think about building out a program?

Answer: The most important thing that I found is find somebody in the business who could be a champion.

There's probably somebody in your engineering team or if you have a compliance team. There's somebody in the business on the technical side of the business who is always thinking about security. There's gotta be at least one person in your org. Go find that person and have that person be your champion. Get to know that person.

You have alignment there. Makes it a whole lot easier, and it looks a whole lot less like an edict coming down from a legal team that has no idea how an engineering team works or an IT team or whatever.

Finding those partners who actually care about creating a secure environment is essential. Then from there, there are all sorts of different programs you can follow and, you know, best practices and things like that. But if you don't have those stakeholders with you, it's gonna be just so much harder to be effective.

Question: How do you stay up to date with all the changing cookie laws and any current events, advice?

Answer: Have good outside lawyers who are monitoring that. I've got a couple of firms that I've worked with in the past that do their client alert bulletins. And, you know, I have firms on the employment side that do that even on some of the commercial litigation stuff. They'll just put together these summaries of what's been going on in the law and they send them out to all of their clients on a regular basis. If you actually get those, read them.

See if it applies to your business. A lot of people just are like, another spam email. Read them and see if there's anything there. That's a really good way to keep up with it. I think, you know, it's a little bit more challenging, particularly if you're not an expert in the area.

If I were practicing in a law firm in that space, in the privacy space, then I came in-house, I would probably use different resources to stay up to date. But, like, for those who don't have a background there.

I think relying on your outside attorneys is good. I think there's also a ton of value in trying to find, like, whether it's CLE or just seminars, webinars, etcetera, that are specific for in-house attorneys around these areas. Like, I think about Andy Dale. Right?

Andy Dale is a big privacy guy, and this is something that's, like, in many respects. And I don't wanna pigeonhole him because he's very, very good at a lot of different things. But you think about Andy, and he's, like, the privacy guy, and some of that maybe because of his podcast. But, like, this is part of his brand that he really worked hard on developing.

And so if you can connect with someone like Andy and have regular conversations. Use your network. There's so much going on in the development of law from not only just a statutory and a privacy perspective, right, but different cases that come down. And, I mean, you even look at some of the major cases over the years that have had pretty massive implications on the way people do business. And you look atnproduct liability cases, for example.

You know, think about the Volkswagen situation from, gosh, probably almost ten years ago at this point. It was, like, eight or nine years ago. Like, those things impact the way that you do business. And so, like, keeping up with those types of things is important.