The Cybersecurity Unit of the U.S. Department of Justice (DOJ) recommends that “organizations should have a plan in place for handling computer intrusions before an intrusion occurs. During an intrusion, an organization’s management and personnel should be focused on containing the intrusion, mitigating the harm, and collecting and preserving vital information that will help them assess the nature and scope of the damage and the potential source of the threat. A cyber incident is not the time to be creating emergency procedures or considering for the first time how best to respond.”
If your company is not yet prepared for a data breach, read on for advice on how to prepare an incident response plan.
The DOJ says the plan should include “specific, concrete procedures,” such as:
• Who has lead responsibility for different elements of an organization’s cyber incident response, from decisions about public communications, to information technology access, to implementation of security measures, to resolving legal questions;
• How to contact critical personnel at any time, day or night;
• How to proceed if critical personnel is unreachable and who will serve as back-up;
• What mission critical data, networks, or services should be prioritized for the greatest protection;
• How to preserve data related to the intrusion in a forensically sound manner;
• What criteria will be used to ascertain whether data owners, customers, or partner companies should be notified if their data or data affecting their networks is stolen; and
• Procedures for notifying law enforcement and/or computer incident-reporting organization.
Here are components that should be included in an effective incident response plan:
1. Building the Team
Appoint one leader who will have overall responsibility for responding to the breach. The leader should have access to top-level management and decision-making abilities. If your company has a risk officer, that person is a good choice.
Include representatives from all areas, especially IT, to investigate the technicalities of what led to the breach; have someone from legal on the team; and have a communications/press person to deal with the media.
2. Data Inventory
Know what type of data is stored, and how it is being collected, processed and stored. Categorize data according to the level of security it requires as well.
3. Containment
The cause of the breach must be contained as quickly as possible.
Reset passwords, disable network access for computers known to be infected by viruses or other malware, and block the accounts of users who may have been involved in wrongdoing.
4. Privacy Concerns
Although the cause of the breach needs to be investigated, it must be done with awareness that privacy laws should not be violated, barring an emergency situation.
For instance, healthcare and financial services are two industries where data privacy and security are highly regulated. Learn the requirements for each and the steps to take in the case of a data breach.
5. The Legal Risks
Many data breaches lead to litigation. Have a list of law firms that specialize in data breach response available so you can call on them in the event of a breach.
6. Notification/Communication
Victims, employees, and third parties need to be notified of a data breach. Their financial and personal information could be at risk, or already compromised. This is why it is crucial to have a communications expert on the team to advise on how to notify without causing alarm or making admissions that could imply fault by your company.
For more on privacy, security, estate planning, or other business litigation matters, schedule an appointment today with Virtus Law. Our attorneys are experienced business lawyers and litigators. Give us a call at 612.888.1000 or email us at info@virtuslaw.com. We will generate a return on your investment in outstanding legal advice.