Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
Most organizations have good intentions to follow “cybersecurity best practices,” but the sticking point comes when deciding what these practices are and how they relate to individual businesses. While lawyers have an ethical duty to protect information under Rule 1.6: Confidentiality of Information and businesses that accept credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements, there is much more to securing a network than following best practices and requirements. Certainly following these practices is important, but following their intent is what makes the difference between protecting a business and performing perfunctory duties.