The First 24 Hours: How to Prepare and Respond to a Major Cybersecurity Attack

Michael Morgan, Amy Pimentel
McDermott Will & Emery
Contact
LinkedIn
Facebook
X
Send
Embed

McDermott Will & Emery

In Depth

In today’s digital age, data privacy and security incident response plans are critical. Companies need to have a well-designed cybersecurity plan to protect their systems from attacks and respond to a crisis when they are affected. Whether you are preparing your incident response plan to respond to a cyber attack, or if you are caught off guard by a major cyber incident, you should consider deploying the following steps in the first hours of a cybersecurity breach:

  • Taking steps to preserve a claim of attorney-client privilege over the incident response, including by establishing a written communications protocol covering the investigation and requiring all participants in the investigation to commit to adhere to the protocol.
  • Working with the company’s chief information security officer and IT security team to ensure that the organization is taking appropriate steps to protect the company’s systems and, if necessary, to prepare for a forensic investigation to determine the full scope of compromise. Depending on the type of attack, such steps may include taking services offline, scanning and imaging affected systems, forcing password resets, adjusting firewall settings, identifying and terminating unauthorized programs running on the system, implementing software patches, updating anti-virus definitions, rebooting systems after the updates at an appropriate time and generating backups of critical systems.
  • Ensure that key IT security personnel remain alert to signs of the attack, are available to the company and its workforce 24/7 and are prepared to activate the company’s incident response plan immediately if the company’s system is compromised.
  • As appropriate, communicate with the company’s workforce to:
    • Remain alert for phishing emails and pay attention to the details of emails, including the sender, body of message, attachments and links directing to an unknown site;Be alert for suspicious emails and notify a designated contact in the company’s IT team if the employee suspects that he/she has received a phishing email, if he/she has unexpected difficulty accessing a file or if he/she sees anything that might suggest a compromise of the company’s systems;
    • Keep on hand the contact information for the IT security team and ensure that the IT security is on 24-hour call until further notice.

If the company has been a victim of a cyber attack, such as a ransomware attack where system files have already been encrypted, then additional steps will be necessary:

  • Work with counsel on a plan to manage the incident response, including preservation of a claim of attorney-client privilege, the retention of a cyber-forensics consultant under privilege, compliance with notification requirements, and the assessment of legal exposure arising from the incident.
  • Work with the cyber-forensics consultant to preserve logs and images for affected systems and to begin work on analyzing the attack, the extent of the compromise and the adequacy of remedial measures.
  • Evaluate backup system availability and adequacy.
  • Consult with counsel, IT and your forensic expert about other appropriate steps.
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising

Written by:

McDermott Will & Emery
McDermott Will & Emery
Contact
more
less

McDermott Will & Emery on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide