Cybersecurity Hall of Fame member Gene “Spaf” Spafford has said, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
Data breaches have become so much a part of the “new normal” that cybersecurity has been listed as one of the top 5 “hot” practice areas in 2017 for law firms, according to Law 360. “There have been so many developments over the past couple of years in cybersecurity, it’s pretty clear we’re only in the first or second inning of what’s likely to be a very long game,” says Craig Newman, head of the cybersecurity practice at New York City-based law firm Patterson Belknap LLP.
An effective cybersecurity defense strategy, however, requires collaboration among multiple disciplines in an organization.
As Judy Selby and Lynn Sessions, at law firm Baker Hostetler LLP, wrote recently in CSO Magazine, “A breach response team should consist of a cross-section of company personnel, including legal, privacy/compliance, IT, information security and other relevant stakeholders from the company’s various business units. External members should include outside privacy counsel, computer forensic specialists, and a crisis management firm.”
At CommCore, our experience tells us that there are 6 key steps for cyber crisis management:
- Have a plan
- Develop strong working relationships with IT and other departments in your organization
- Coordinate different emergency and crisis plans, i.e. Security, Supply Chain, PR
- Develop pre-approved templates for stakeholder and media response
- Conduct crisis communications drills to test your plan for speed and effective response
- Have law enforcement on speed-dial