To Avoid Liability, Companies Advised to Protect Computer Systems

With warnings of new vulnerabilities in the Windows operating system and the threat of a potential new “blaster” virus, Microsoft Chief Executive Steve Ballmer this week called for the software industry to intensify innovation efforts to stop the spread of malicious computer code.

Individual companies using susceptible software also are being advised to be vigilant in protecting themselves and others. Companies affected by viruses can reportedly be held liable for any damage viruses cause their suppliers’ and clients’ computers.

“When you participate on the Internet, you’re network communicates with other networks,” said Bill Cook, a partner at the Chicago law firm Wildman Harrold (www.wildmanharrold.com) and a provider in information security law and computer and network security liability issues. “The vulnerabilities in your systems quite often cause damage downstream. Companies need to make sure from a corporate due diligence standpoint that they’ve taken the necessary preventative steps to make sure they’re not the tool used by a terrorist or hacker to create downstream damage.”

‘Downstream liability’ – what the referred scenario is known as in legal terms – is just one of a growing number of complex and technical legal/security issues corporations should reportedly be concerned with in the post-9/11 marketplace.

Other issues include knowing whether-or-not U.S. regulators will view the company’s compliance programs as adequate; what a company’s liability risks are; properly addressing work place issues such as Internet and e-mail usage, protection of intellectual property, work place privacy and sexual harassment; and knowing if the company’s information sharing program with federal and state agencies, as well as other businesses, create Freedom of Information Act and anti-trust implications.

The government’s new, regulations have reportedly been designed to protect business infrastructure from hostile attacks and intrusions, but they also reportedly place additional burdens on corporations in virtually every industry and especially insurance, academia, banking & finance, chemical, defense, healthcare, pharmaceutical, public utilities, retail, securities, telecommunications, and transportation.

Conducting an internal security audit to uncover vulnerabilities and assess compliance needs in light of the newest federal regulations and litigation eventualities is the first thing a company should do to protect themselves, according to Cook.