Posted In: Business Transactions & Corporate Counseling, Cybersecurity & Data Privacy
on August 21, 2019
Unfortunately, it seems as if data breaches are the norm these days. Breaches affect businesses of all sizes, from attacks that make national news at major institutions like Capital One, Marriott International, and Facebook to cybersecurity threats at small and middle-market businesses that receive no media attention. No business or industry is safe, and preparation for responding to a breach is key. In a recent report by Vistage Worldwide, Inc., 62% of respondents (based on 1,377 CEOs of small and midsize businesses) said that their firms don't have an up-to-date or active cybersecurity strategy or any security strategy at all. Creating, practicing, and revising a game plan of who to call and what to do in the event of a data breach needs to be at the TOP of the to-do list for every business.
Once a data breach occurs, time is of the essence. It’s important to assemble your team, identify the source of the breach, potentially reach out to any hackers for more information, implement security fixes, report the breach to the proper authorities, notify, as required, any clients that may be impacted by the breach, and make any necessary public statements as soon as possible.
Assembling your team
To properly implement data breach protocols, a business will need a qualified team of professionals to lead the charge. The essentials are:
IT Professionals — Most obviously a business will need a sophisticated team of IT professionals, both internal and external, to identify the source of the breach, strategize about communicating with the hackers, understand what assets were compromised, implement the necessary security patches, test and re-test the fixes, and protect other servers or other systems from additional breaches.
Legal Counsel — An attorney experienced in data breach response can help a company effectively manage a data breach. The attorney will notify the proper law enforcement authorities, draft notification letters, review insurance policies for coverage limitations, and work with a company’s officers and internal legal departments to help plan for future litigation or investigations that may result from a data breach. It’s important to note that some industries, such as health care, and certain regulations like GDPR, have very specific and nuanced notification requirements that may require further legal analysis.
Public Relations — Communication is vital. It is important that a company’s public relations team or consulting firm communicate effectively with officers, employees, and stakeholders during the breach so that the company may present a united front in any crisis communications to the public.
Accounting Professionals — Many accounting firms have dedicated professionals that conduct forensic investigations. These investigations may be used to trace fraudulent fund transfers and recover sensitive financial data.
According to the National Cyber Security Alliance, 60% of small and midsize businesses that are hacked go out of business within six months. Don’t leave your business legacy in the hands of hackers. The attorneys at Brouse McDowell are experienced in all legal aspects of cybersecurity. Let us help you build your “Seal Team Fix.”