Who’s minding best practices: A look at what it takes to secure a network (InsideCounsel, 4 Nov 2014) – Most organizations have good intentions to follow “cybersecurity best practices,” but the sticking point comes when deciding what these practices are and how they relate to individual businesses. While lawyers have an ethical duty to protect information under Rule 1.6: Confidentiality of Information and businesses that accept credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements, there is much more to securing a network than following best practices and requirements. Certainly following these practices is important, but following their intent is what makes the difference between protecting a business and performing perfunctory duties. Before the recent spate of breaches on some big-name retailers, you may have thought that with all the rules and regulatory requirements retailers are subject to under the Payment Card Industry Data Security Standards (PCI DSS) that their networks would be secure. However, the problem often lies with what these companies are not doing rather than what they are doing. While these companies may have “followed best practices,” they may not have done what would have been best, either because of a lack on their end or on their adviser’s end.
Provided by MIRLN.