Winthrop & Weinstine
The ongoing conflict between Russia and Ukraine can seem very far away; however, U.S. authorities have warned businesses to be on alert for invasion – over the Internet. Senior government officials are calling for businesses to heighten their security and vigilance over the possibility of cyberattacks coming from Russia, including ransomware and phishing attacks, in response to the war and the economic sanctions that have been imposed. The increased threat, combined with the fact that cybersecurity incidents have been on the rise, including several large-scale ransomware attacks in 2021, and there is an even stronger case for ensuring that your business is protected from a breach.
Data breaches can cause significant legal issues, even for small businesses. All 50 states have data breach notification laws, but the exact requirements of those laws vary from state to state, and depending on certain details, notification often requires multiple layers of regulations from different states. No matter the size of your business, if you have data you can be a target, especially in the energy and transportation industries. Whether the attacks originate in Russia or anywhere around the world, business should take crucial steps to ensure the security of their information and operations.
There are many steps that your business can take to protect your systems and data against a cybersecurity attack:
- Make sure that all software your business uses is up to Software that is out-of-date can contain security vulnerabilities that hackers can exploit to access your data.
- Require the use of multi-factor authentication (MFA). MFA is an authentication method that requires users to verify themselves by providing something they know (like a password) as well as something they have (like a smartphone that receives a code). MFA makes it harder for hackers to access a system, because it is less likely they will have control over both factors.
- Train employees about the importance of cybersecurity and how to recognize common hacker tactics like phishing and Business Email
- Back up data in a separate secure location so you are still able to operate in case an attack occurs.
- Be prepared to respond to a disruptive cyber incident if it Having an incident response plan already in place allows businesses to move quickly to take steps to address any suspected attacks and avoid further damage.
It’s never too early to prepare your business against a possible cyberattack. In addition to the notification requirements described above, data breaches often impact contractual obligations, and can sometimes give rise to lawsuits brought by individuals who claim to have been harmed by the breach. Having strong security measures in place can help protect not only against a breach, but also against any related lawsuits that arise. Work with your lawyer and cybersecurity professional to tailor your plan to your business needs and prevent a headache later.
About the Authors
Lisa Ellingson is co-chair of the Data Privacy and Cybersecurity practice group at the law firm of Winthrop & Weinstine. She advises clients on a wide range of data protection and privacy matters, and has also earned CIPP/US and CIPM certification.
Tammera Diehm and James Dierking co-lead Winthrop & Weinstine’s Downstream Energy team, which provides practical advice on day-to-day operational issues and full-service representation to clients across the country, including gas and convenience store owners, petroleum distributors and other companies in the industry.
Winthrop & Weinstine’s dedicated team provides full-service representation to gas and convenience store owners and fuel distributors. We provide legal and practical advice in day-to-day operational issues, acquisitions and divestitures, and a host of other complex legal matters. Our extensive industry knowledge gives us a full appreciation of the issues facing your business, including those relating to real estate, land use, zoning, leasing, environmental concerns, finance, tax, employment, contract negotiation, intellectual property, succession planning, regulatory, mergers & acquisitions, and litigation.