The indictment handed down this week against 12 Russian nationals over the hacks of the Clinton campaign and the Democratic National Committee ahead of the 2016 U.S. elections are a reminder than even sophisticated organizations aren't immune to cyberattacks.

Corporate Counsel spoke to Ed McAndrew, a partner at Ballard Spahr who focuses on cybersecurity, about what legal departments can learn from the hack against Hillary Clinton and DNC. McAndrew says there are a number of programs to curb the chances of getting hit with this type of hack. One is Domain-based Message Authentication, Reporting and Conformance (DMARC), which he said allows a computer to recognize that a domain used in an email is not coming from the correct place.

Secondly, the indictment does not mention if someone who clicked on a malicious email in the case of the election hacks reported the email. McAndrew said that the sooner an employee discloses clicking on a link, the sooner the company can investigate and mitigate the damage done. "There are a lot of disincentives for employees to be open about clicking on the wrong email," McAndrew said.

Read the full article here. Subscription may be required.