Tips from the Trenches: A Computer Forensics Perspective
73% of small to mid-sized companies suffered a data breach last year
Here’s an overview of the most notable data breaches from the last few weeks…
- Snapchat, the online photo sharing site, reported a massive hack of hundreds of thousands of user names and phone numbers
- Facebook, Gmail, and Twitter advised 2 million users that their passwords had been compromised
- Retail giant Target is embroiled in a security nightmare involving the personal data of millions of customers
What’s going on? It’s really just business as usual, but a call in late December from a client hiring our firm to help them investigate what appears to be a massive breach of data from a well-known Chicago company has finally prompted me to reissue some “Tips from the Trenches” for breach response readiness. Most importantly, have a breach response team in place before you need one.
When the Wall Street Journal recently asked the Association of Corporate Counsel, a group that represents in-house lawyers, cybercrime, labor rules, and financial penalties from banking industry regulators topped the list.
And if you are thinking that your clients are not at risk of a data breach because they tend to be smaller companies, think again. Small to mid-sized companies are becoming increasingly attractive targets. Why? Their internet security measures are typically less sophisticated than those of large companies, and smaller firms are doing more business than ever online via cloud services that sometimes use weak encryption technology.
We have seen “a relatively sharp increase in hackers and adversaries targeting small business,” according to the security company Symantec.
300% – Increase in cyber attacks on small businesses from 2011 to 2012
A data breach is typically an emotionally charged, stressful, and chaotic event. The stakes are high, things are moving very quickly, and mistakes made in the early stages of a breach can have long-lasting and irreversible consequences. We have heard the stories of well-intentioned IT people, for example, installing a software patch on a server during a data breach and inadvertently erasing critical ESI.
Take a moment to make sure your clients have a solid and defensible data breach response plan in place, and have taken the time to create a breach response team. You will be glad you did.
Tips from the Trenches: Elements of a Good Breach Response Team
1. Have a team in place. Sounds like a no-brainer, right? Most companies have not taken the time to assemble a data breach response team, and this failure increases the risk of costly missteps. Identify your team and task them with carrying out your plan. Team members should represent the following segments of your business: Legal, Outside Counsel, HR, Media Relations, IT, Corporate Security, Insurance, and vendors from computer forensic, remediation, and notification specialist firms. Keep your phone trees up to date, and have backup people in place.
2. Train your team. Make sure the members of the team are fully up to speed on the legalities of breach response, including notification requirements, data spoliation risks, and regulatory requirements. Keep training records as evidence of your best efforts to have a competent team in place.
3. Communicate with your team. Provide the team with the written plan and have regular communication. Update team members with industry developments, emerging case law, and breach response trends.
4. Negotiate now. Have master service agreements in place with your key vendors (breach response notification specialists, call centers, credit reporting agencies, etc.). Negotiate pricing (and especially indemnification language!) now…not in the heat of the moment during a data breach.
5. Practice! Stage “table top” exercises at least twice per year on a wide array of breach event scenarios (loss of consumer information, trade secret breach, website hack, etc.). Maintain records of these practice sessions.
Errors made during a breach response can be extremely costly. Attorneys, regulators, and others will have the luxury of time to critique the decisions you make in real time during the urgency of a data loss event. Planning ahead is critical. The existence of a thoughtful breach response team will help ensure a defensible response to a cyber breach.