DOJ Releases Best Practices for Victim Response and Reporting of Cyber Incidents

Foley Hoag LLP - Security, Privacy and the Law
Contact
LinkedIn
Facebook
X
Send
Embed

Last week, the Cybersecurity Unit of the Department of Justice (DOJ) issued a list of “best practices” for companies concerning preparing for and responding to cyber-attacks. The report details the lessons federal prosecutors have learned while handling cyber investigations, as well as feedback from private sector companies. Some of the key pieces of advice are:

  • Identify Your “Crown Jewels”: Before creating a cyber-incident response plan, companies should first identify which data, services, and infrastructure warrants the most protection. Loss of some data or services might only result in a minor disruption, which loss of others could be devastating. A good incident response plan will include appropriate risk management and prioritization.
  • Have Appropriate Technology and Services in Place before an Intrusion Occurs: Companies should already have in place the technology and services it will need to respond to a cyber-incident. This could include off-site data back-up, intrusion detection capabilities, and devices for traffic filtering or scrubbing.
  • Ensure Your Legal Counsel Is Familiar with Technology and Cyber-Incident Management: Cyber incidents raise a multitude of legal issues and obligations. Companies faced with a cyber-incident will need to quickly engage legal counsel to address these issues. “Legal counsel that is accustomed to addressing these types of issues that are often associated with cyber incidents will be better prepared to provide a victim organization with timely, accurate advice.”
  • Have a Vetted and Actionable Cyber Incident Response Plan: An incident response plan should, at minimum, include the following four steps: (1) immediately make an assessment of the nature and scope of the incident; (2) implement measures to minimize continuing harm; (3) record and collect information regarding the incident, such as imaging the affected computers and keeping logs of what occurred and the steps taken in response; and (4) notify the appreciate people within the company, as well as law enforcement and the potential victims. Consulting counsel is particularly important for the last step because a company’s notification obligations derive from on a complex patchwork of state, federal, and international laws.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Security, Privacy and the Law | Attorney Advertising

Written by:

Foley Hoag LLP - Security, Privacy and the Law
Foley Hoag LLP - Security, Privacy and the Law
Contact
more
less

Foley Hoag LLP - Security, Privacy and the Law on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide