Cyber liability is a hot topic these days and rightfully so. Electronic security breaches are happening on a more regular basis and no one is immune. Law firms are attractive targets to hackers due to their vast repositories of sensitive data, often containing clients’ most intimate personal and business details. Most law firms do not view themselves as being potential targets and therefore, their IT-security defences are low, making them easy prey for cyber criminals. If your law firm is the victim of cyber breach, here are a few key actions you should consider.
Engage a breach coach
When a breach event occurs, time is of the essence. It has been found that breach remediation costs are significantly less when a breach coach is engaged immediately and manages the process on behalf of the organization. The coach’s role is to manage and oversee the work being done and simultaneously by different specialists as explained below.
Notify your insurance company
Where insurance has been purchased, provide notice to your broker so that your insurance company is engaged.
Start the process under privilege
Use a lawyer to hire an independent digital forensic firm. By having attorney-client privilege around the investigative efforts, you can carefully prepare and control how information is released publicly. This is a strong tactic if a government investigation or class action lawsuit is a possibility. By engaging outside legal counsel who specialize in data breaches, you are assured that you will be compliant with breach notification requirements. Legal counsel is also the best party to share documented information with your insurance company around the time spent and cost incurred to remediate the event.
Save your network logs
Have your IT staff gather and document facts surrounding the potential incident. Network security event logs are often vital in helping verify the date, time and machines involved in an incident. Your firm should save these logs to support further investigation by the digital forensic firm and also for remittance to your insurance company.
Consider engaging an independent digital-forensic firm
These firms can perform a timely and unbiased investigation to determine the extent of the damage and assess the options for remediation. A benefit of engaging an independent outside firm to investigate the breach is that the results will be perceived as more objective and, therefore, are more defensible if challenged later on (e.g. by government, shareholders, customers, etc.). Where hired, your independent digital forensic firm can lead any briefings with your insurance company.
Consider hiring a public relations specialist
Damage to the reputation of a business is one of the biggest risks following a breach and lost business can be the costliest consequence. To help manage messaging to the media and other impacted parties, it may be beneficial to hire a public relations specialist to work with your organization through the crisis.
Lawyers Financial Office Insurance
Lawyers Financial Office Insurance is comprehensive coverage that includes cyber coverage. You can get a quote and bind your policy in a matter of minutes – all online! And, our rates are extremely competitive too. Check it out now!