Byte of Prevention Blog

by Jay Reeves |

3 Step Plan for Your Cyber Response Team

Pin on Pinterest Share on Google+ Share on LinkedIn

Is your cyber response team trained, fully staffed and ready to swing into action if needed?

If your answer to that question was – “Cyber response team? What cyber response team?” – deduct one risk management point. If, on the other hand, you have at least a rough idea of who you’d call in a crisis, add one point.


“While it’s crucial to have preventive measures in place, it’s equally important to know how to respond quickly and effectively after a cyberattack occurs,” writes Erik J. Martin for CO.

Members of your cyber response team could include your office manager, an IT expert (in-house or outside), your insurance carrier, a data forensics specialist, and perhaps even a public relations person.

The immediate goals: (1) identify what happened, (2) assess the damage, (3) take corrective measures to prevent further losses.

Step One: Identify what happened

“Begin by identifying the type of threat that caused the security breach if possible,” says Monique Becenti of SiteLock. “This will give insight into what must be communicated to stakeholders and other departments.”

Next, notify all relevant parties, starting with managing partners and branching out from there. This requires a clearly defined plan that specifies the chain of command amid the chaos of a security breach.

Other pointers:

  • Notify your IT department, cybersecurity provider and liability insurance carrier.
  • Interview all parties who discovered the breach.
  • Document the process.
  • Don’t destroy any evidence.
  • Secure the physical areas related to the breach.
  • Change access permissions.

Step Two: Assess the damage

 “Prevent any additional data loss by taking all systems affected offline after your forensics team has conducted its analysis,” says data management executive Douglas Williams in the CO piece. “Swap out any affected machines with unaffected ones. Update all user credentials and passwords that a hacker may have gained access to.”

Other pointers:

  • Search online for exposed data or anything else that was exposed in the hack.
  • Remove all compromised data, including on other websites where it may have been posted.
  • Make a list of all losses and damages, including data recovery costs.
  • Mitigate the damage and further risks.
  • Use a security program to scan files, review firewall logs and quarantine malware.
  • Scrub all malware from the system
  • Notify your cyber insurance carrier.
  • Notify your professional liability insurance carrier.

 

Step Three: Take corrective measures

“Once your company has nullified the urgent threat, there’s an imminent need to revise your plan and strengthen your defenses against future attacks,” says Mike Tanenbaum, head of cyber for Chubb North America, in the CO article.

This starts with education and awareness. Staff training should be regular and comprehensive. Employees should know the warning signs of suspicious emails and attachments. They should know what to do if they receive one. And they should be trained on encryption of sensitive information as needed.

Other pointers:

  • Review all software; upgrade where needed.
  • Change passwords across the system.
  • Implement two-step verification methods to access vulnerable accounts.
  • Put a WAF (web application firewall) in place to safeguard your website.
  • Ensure your e-commerce platform is PCI-DSS (payment card industry data security standards) Level 1 compliant.
  • Make sure your website hosting company regularly patches any security vulnerabilities.
  • Implement extra measures to prevent theft of company servers, smartphones, laptops and other electronics.
  • Hire an outside cybersecurity professional for consulting/monitoring.
  • Purchase cyber insurance coverage.

Contact Lawyers Insurance, the NCBA-endorsed agency for law firms in North Carolina, to purchase or learn more about cyber insurance. Call 1-800-662-8843 or click here.

 

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More