On September 15, Smith Anderson Partner Joe Dickinson* participated in a panel discussion on WUNC-TV’s “Bottom Line” alongside Jim Guido, Vice President of North State Technology Solutions, a cybersecurity solutions center. Moderated by “Bottom Line” host Joe Stewart and Editor of Triangle Business Journal Sougata Mukherjee, the panel discussed cybersecurity and what businesses can do to protect their data.
As leader of Smith Anderson’s Data Use, Privacy and Security Group, Joe explained his practice is focused on helping clients understand that a major risk comes before their companies suffer a breach and how they can best position themselves to minimize potential liability and risks before incidents occur.
Sougata Mukherjee commented that cyber-attacks mostly seem to target large companies with expansive customer bases and asked why small or medium-sized businesses should care. “We often see that it’s actually those smaller businesses that are the primary focus of attacks,” Joe explained. “The bad guys want to gain access through those smaller businesses, which typically do not have robust cyber programs, to get to the big dollar companies where much of the real valuable data is.”
Joe added, “Often clients believe that because theirs is a small company, no one is paying attention to their data. In fact, the opposite is true – they can be the low hanging fruit that the bad guys will target to get to the larger companies.”
“From a regulation standpoint,” Joe continued, “many businesses do not realize they have legal obligations to assess how they process data—where it comes into their organization, what they do with it, and where they send it. If, as part of that data flow, your organization does not have good safeguards in place, liability can land in more than one place.”
Wrapping up the conversation, Joe acknowledged that small companies are often overwhelmed and frustrated trying to keep up with the number of laws and regulations applicable to proactive cybersecurity. To that end, he encouraged business owners to focus on the common denominators of those regulations and simply do something. “If you throw up your hands in frustration and don’t implement a robust program—that’s what we refer to as being a victim twice,” he said. “You’re a victim when you’re hacked, and then potentially a victim again when a regulatory agency looks at you and says ‘here’s your fine because you didn’t have an adequate security program in place’.”
Joe is a seasoned data use, privacy and security lawyer with more than 25 years of business and legal experience advising technology companies and healthcare and government entities. His extensive experience includes helping clients to identify their risks and to design, implement and manage data privacy and security programs for their business, as well as advise on HIPAA compliance, technology licensing and transfer, GDPR compliance, data breaches and governmental privacy-related investigations, and conducting internal investigations related to corporate compliance.
If you are having trouble viewing the video, it is also available on Vimeo.
* Admitted to practice in Ohio, not yet in North Carolina