When it comes to privacy and cybersecurity, gone are the days when your biggest concerns involved having your credit card number stolen. Hackers are now steps ahead, targeting companies’ proprietary information and intellectual property and causing serious implications. This sophisticated threat environment is compounded by an aggressive and fast-changing regulatory environment. Needless to say, protecting your business’s confidential data will only become more complicated with evolving forms of technology in the years to come. With that said, we below are some high-level best practices you should consider following in the wake of a security incident:
- Don’t call it a breach!
- Have an incident response plan in place and follow it
- Maintain attorney-client privilege on all communications
- Stop the bleeding—ensure the security threat is over
- Prepare communication plan for employees, customers, PR
- Notify your insurance carrier early
- Engage with law enforcement as appropriate
- Determine/preserve facts—forensic firm engaged by counsel
- Analyze any reporting/notification obligations (affected individuals, regulators, contractual)
- Review policies/procedures and take any remedial action
Contact Brenda Sharton, Karen Neuman or David Kantrowitz for more information.