• Home
  • Attorneys
    • About
    • Cheryl Cooper
    • Daniel Whitehouse
  • Testimonials
  • Practice Areas
    • Business Law
      • Gig Economy Package
    • Technology Law
      • Data Breach Attorneys
      • Solutions For MSPS
    • Intellectual Property
    • Marketing Law
  • News & Publications
    • Tech Law Tips Podcast
    • Speaking Engagements
    • Blog
    • eNewsletter Sign Up
  • Contact

Orlando: (321) 285-2300 | Tampa: (813) 444-7388

whitehouse cooper logo
  • Home
  • Attorneys
    • About
    • Cheryl Cooper
    • Daniel Whitehouse
  • Testimonials
  • Practice Areas
    • Business Law
      • Gig Economy Package
    • Technology Law
      • Data Breach Attorneys
      • Solutions For MSPS
    • Intellectual Property
    • Marketing Law
  • News & Publications
    • Tech Law Tips Podcast
    • Speaking Engagements
    • Blog
    • eNewsletter Sign Up
  • Contact

whitehouse cooper logo
  • Home
  • Attorneys
    • About
    • Cheryl Cooper
    • Daniel Whitehouse
  • Testimonials
  • Practice Areas
    • Business Law
      • Gig Economy Package
    • Technology Law
      • Data Breach Attorneys
      • Solutions For MSPS
    • Intellectual Property
    • Marketing Law
  • News & Publications
    • Tech Law Tips Podcast
    • Speaking Engagements
    • Blog
    • eNewsletter Sign Up
  • Contact

Is your Incident Response Plan Ready for Prime Time?

Cheryl Cooper, Esq.
September 11, 2015
Technology Law

In the previous post, we discussed how an incident response plan, not security tools, will ultimately determine the impact of a cybersecurity breach. Losses can be staggering in terms of data, intellectual property, non-compliance penalties, revenue, lawsuits, and the confidence of customers and business partners. More than an IT issue, incident response planning must be a coordinated effort across key departments within an organization, including legal.

Cybersecurity issues are not governed by a single piece of legislation. Instead, organizations have to wade through industry-specific legislation, state regulations and federal statutes, all of which directly or indirectly address cybersecurity. There is also the growing threat of private lawsuits.

Suppose your company is hacked and sensitive customer information is compromised. Depending upon your industry, a government agency or regulatory body could find your company liable if they determine you didn’t do enough to prevent a breach. An attorney with both technical and regulatory knowledge is needed to interpret relevant laws that may affect how an incident response plan is structured and executed.

The only way to determine whether your incident response plan will work is to conduct an incident response readiness assessment. This involves a review of any documentation associated with baselines, escalation procedures, and company policies for protecting sensitive data.

How and where is data being stored? How is data being backed up? What is your business continuity plan? How long will it take to recover data and applications? What is your process for notifying internal and external parties in case of a breach? Do the answers to all of these questions satisfy regulatory requirements?

A top-to-bottom review of IT security is an essential component of your incident response readiness assessment. What software is being used? Is it up to date? Who manages IT security? Is data being encrypted? How is access to data being controlled and monitored? What process is followed when suspicious activity is detected?

The last step is to test your plan. Many organizations will simply have their incident response team walk through a hypothetical scenario. However, a more realistic test of your technology and processes involves “infecting” a network system with harmless malware, which will enable you to gauge the effectiveness of your incident response plan and ensure that all legal and regulatory requirements are met.

Organizations with no in-house counsel should think twice about leaving incident response planning to the IT department. Even organizations that do have in-house counsel should consider bringing in outside counsel to navigate the complexities of cybersecurity. When it comes to incident response, a strategic plan is far more effective and less risky than a knee-jerk reaction.

In the next post, we’ll discuss recent changes to Florida laws related to cybersecurity and data breaches.

 


1 Comment


Getting Up to Speed on Florida Data Breach Law, Part 1 | Whitehouse & Cooper
September 18, 2015 at 12:54 pm

[…] incident response is as much a legal issue as an IT issue, and what your organization can do to ensure that your incident response plan is effective. Companies should operate under the assumption that a security breach will happen and develop an […]


Why Cybersecurity Incident Response Isn’t Just an IT Function
Previous Article
Getting Up to Speed on Florida Data Breach Law, Part 1
Next Article

Office Location
Orlando
Call: (321) 285-2300
1515 Park Center Drive
Suite 2M
Orlando, Florida 32801
Quick Contact Form

    Recent Posts
    Man carrying the world on his shoulders
    The Weight of the Business World

    PPP Loan Forgiveness Photo
    Rolling with the PPP Punches

    Gig Economy Package
    The Rise of the Gig Economy Worker


    Like Us On Facebook

    Facebook Twitter Linkedin

    © Copyright 2011 – 2023 Whitehouse & Cooper, PLLC. All rights reserved. Privacy Policy

    No products in the cart.

    • Home
    • Services
    • About Us
    • Our Team
    • The blog
    • Contact Us
    Toll Free
    1-885-245-45635
    New York
    1-455-245-45623
    Toronto
    1-657-544-45623
    • Facebook
    • Linkedin
    • Twitter