Federal laws, like the Computer Fraud and Abuse Act, attempt to address cybercrime.
“But the biggest problem is enforcement,” according to David Opderbeck, a law professor
at Seton Hall University School of Law and co-director of the university’s Gibbons
Institute of Law, Science & Technology. “A lot of the bad actors are overseas — sometimes
even a government — and U.S. authorities may not be able to pursue them.”
Businesses need to have a plan in place before a breach, he added, “including who
in the organization gets notified. To keep additional sensitive information out of
the public domain, a company may want to speak with legal counsel, who may be able
to assess attorney-client privilege.”
If a company gets breached, state and federal law may have notification requirements,
he said. “Also, it may be useful, or required, to work with the FBI, but a business
owner may not be comfortable sharing all of their information with federal agents;
and there could be questions about whether the government has to keep quiet about
the results of its investigations.”
Opderbeck’s cybersecurity tips include training employees in best practices, and taking
steps to secure and track personally identifiable information and other sensitive
data. “Know what it is, where it is, and consider encrypting it to keep it safer,”
he said. “Also, investigate your third-party vendors and other partners. Find out
about your vendors’ security practices, since they could be a weak link; and review
your contracts with them, since they may address liability and other issues.”