Every business owner, large or small, should take time to read the Department of Justice’s Best Practices for Victim Response and Reporting of Cyber Incidents. In today’s cyber world, it seems we cannot go a day without reading about another cyber security incident and its ramifications. For example, the Seventh Circuit Court of Appeals just last week certified a class action based upon mere allegations of future harm resulting from the Neiman Marcus data breach. In addition, the DOJ recently disclosed its successful involvement in the largest coordinated enforcement of online organized cyber crime. This international investigation targeted a group known as Darkode, where online cyber hackers shared and sold secrets to hack into other organizations’ computers. Against this backdrop, reviewing the DOJ’s suggestions regarding preventing cyber intrusion would be well worth your time, as would a quick review of my earlier blog post on an employer’s responsibility if you are hacked under the Pennsylvania Breach of Personal Information Act.
Key elements of the DOJ’s suggested response plan prior to intrusion include:
- Have a well-established, actionable plan;
- Identify your company’s most valuable information; and
- Have appropriate technology in place to shut down intrusion.
Key elements of the DOJ’s suggested response plan immediately after intrusion include:
- Make an initial assessment;
- Take steps to minimize continuing damage;
- Record all information;
- Notify people within your organization, law enforcement and other victims; and
- DO NOT use the compromised system to communicate.
At Danziger Shapiro & Leavitt, P.C., we urge our clients to meet with their technology professionals and develop a plan that deals with both keeping cyber criminals at bay and what to do in the unfortunate event you are hacked. We then work with our clients to make sure that their cyber defense plans are properly worked into employee handbooks and other materials as appropriate. Remember, you do not want to disclose all of your cyber security efforts to your employees and inadvertently provide a roadmap to defeat the measures you have taken. On the other hand, proper training will go a long way in effectively protecting your company’s assets. Feel free to contact Doug Leavitt at Danziger Shapiro and Leavitt to discuss this or any other aspect of your business organization.
This entry is presented for informational purposes only and does not constitute legal advice.