Larose, a partner at Mintz Levin, is a privacy and security expert who helps companies protect their data.
Cynthia Larose (’88) is not a social media executive and bestselling author like Facebook’s Sheryl Sandberg, nor is she an influential engineer like StubHub’s Raji Arasu. So what led the National Diversity Council to put Larose, a partner at the Boston firm Mintz Levin, next to Sandberg and Arasu on this year’s list of the top 50 most powerful women in technology?
It’s her job to help keep your data from getting stolen.
With widespread data breaches leading to business disruptions and negative press across the world, Larose, who leads Mintz Levin’s privacy and data security practice, counsels companies on how to protect themselves from hackers. “My job is twofold: it’s to advise companies what to do and how to prepare, in order to identify their risk and try to avoid it,” Larose says, “and then the second half of it is to help them work through the issues when they do have something like this happen.”
Too often, she only becomes involved after something bad has happened.
“I wish it were more often before,” she says. “I wish companies would be more proactive.”
In 2016, Larose argues, data security should be a basic element of risk management, like fire safety or disaster recovery. “Companies are starting to look at this as the cost of doing business,” she says.
And with data breaches, she says, it’s no longer a matter of if but when: “Any company that’s connected to the Internet, there’s a real risk. There’s a risk of your systems being infected, there’s a risk of your data being taken hostage by ransomware, there’s a risk of your employees clicking on a link and being victimized by phishing scams. All of those risks are real. And they’re not theoretical, they’re not things that happened to somebody else. They happen to companies every single day of the week. And they cost money to fix.”
Larose started her career as a journalist. She graduated from BU’s College of Communications with a master’s in broadcasting and journalism in 1979 and went to work as a reporter and a news director for public radio in New Hampshire.
In those years, she spent time with quite a few presidential hopefuls: “I have a nice big wall of pictures of people—Jimmy Carter, Ronald Reagan, Ted Kennedy, Fritz Hollings, Jesse Jackson, everybody that came through during that time. Everybody that came through those New Hampshire cities in those days before the advent of satellite 24-hour news cycles, came to the local radio station to sit down and do the Sunday morning public affairs shows.”
After spending some time working for political campaigns, Larose decided to come back to BU for law school. She knew she wanted to focus on business law and stay out of the courtroom. As a former radio reporter, she parlayed an interest in information technology into a specialty in cyberlaw. Ultimately, she developed a focus on privacy: “I had spent so long working for information technology companies, at some point it dawns on you that data might be a really important part of what these companies are doing.”
The Future of Privacy and Security
One thing that has surprised her over the years has been the pace of change and how it affects companies: “It changes more rapidly than companies can keep their arms around it, frankly. Because there are new devices coming into the workplace, there are new ways that employees are using the information access that they have…things are becoming much more portable and much more mobile, and less secure at the same time. And there are more and more ways that the bad guys out there are finding to exploit that. So it’s happening faster than I think anyone ever anticipated.”
Despite the recent media focus on Russian hackers, Larose says that the “bad guys” come from all over. “There’s not just one set of bad guys, which makes tracking the threats really difficult. There’s a huge span. We’ve seen everybody from script kiddies in basements in their parents’ houses breaking into large companies and wreaking havoc, all the way up to organized crime rings and state-sponsored hacking. It’s not limited to the Russians in that arena … China’s doing it, North Korea’s doing it. The National Security Agency, the CIA and the FBI…have been saying for years that nation-state hacking will become one way espionage is going to be conducted. So it’s not surprising.”
In the next few years, Larose believes, security improvements will make it easier for people to protect their data—if they choose to. “But there’s a difference between privacy and security. I think it will be easier to keep financial information, credit cards, things like that secure. Because security is getting better.”
Privacy, on the other hand, will depend on what information people are willing to give out—and how much companies tell us about what they do with it. “Surveys have shown that large percentages of people will give personal information to businesses in exchange for something. Whether it be discounts, whether it be promotions—they’ll give it out…the whole digital advertising ecosystem will need to become more transparent with its users about what is actually going on and where their information is going.”
She also thinks that the coming years will still see a great need for privacy lawyers: “This will not go away. There will be a market for people who understand this space and the technology, and at the same time understand the legal issues and all of the issues surrounding information security and data privacy to continue to advise, clients, companies, boards, advocacy groups. There’s going to be a continued need for this ‘specialty.’”
Larose has been with Mintz Levin for twenty years now, and says that she hopes that her place on the list of the top 50 women in tech reflects well on her and the firm.
“I’m honored to be included in that group,” Larose says, “and I’m hoping it says that I’ve made a personal contribution and that the firm is continuing to make contributions in both advancing diversity and working with women getting into this area.”
Reported by Trevor Persaud (STH’18).