Step #1. Getting the right people involved and coordinating your efforts is key to any successful response.
A company must identify a central point of contact or leadership team that not only has the responsibility, but also has the authority to act. The leadership role must be established to perform the day-to-day analysis of the situation and make key decisions. A central point of contact should be established and be at the highest level in executive management or have the backing of executive management.
Do you have a response team as part of your response plan? Does it involve in-house legal counsel, human resources personnel, corporate security, IT security, technical professionals and someone from your communications group to coordinate messaging? The response team must not only act as liaison within its own company but also must coordinate and communicate with law enforcement, third-party forensic responders, outside legal counsel, media, and various state notification procedures. Synchronizing an effective incident response sometimes involves bringing in third-party entities. A well-organized and practiced response plan will have pre-established contacts for law enforcement and any needed third-party technical and legal support.
• Hiring outside legal counsel or a breach coach, or notifying your cyber insurance company: Companies sometimes hire outside legal counsel to assist with risk and remediation procedures such as compliance requirements, data breach disclosure laws, industry standards, regulations and federal and state laws. Attorney-client privilege can be invoked between the victim company’s outside legal counsel and hired third-party forensic firms that perform a review of the system during a breach. Invoked privilege allows the forensic company to report breach results directly to the law firm. Coordination is needed to ensure that the law enforcement agency investigating the case has access to that flow of information.
• Hiring a third-party forensic company: Third-party forensic firms can assist in containing the breach and collecting sensitive electronic data (evidence) in a forensically sound manner. These companies are there for mitigation, remediation and assistance in investigating the internal workings of your network. Law enforcement agencies investigate the breach but do not mitigate damages to your system.
LISTCRIME is a non-profit website. We simply want to help internet users and businesses avoid becoming victims of cybercrime. Our goal is to be a one-stop shop for reliable, up-to-date information about online safety, and to give home users and businesses the advice they need to use the Internet safely.