Does your organization know what to do if law enforcement came knocking on your door?

Scott Augenbaum on Aug 14, 2019 • 2 answer
• 0
During my career as a Special Agent with the FBI, responsible for handling Cybercrime issues, I had to break the news to dozens of companies they were the victim of a data breach. A majority of the time these companies didn’t have a good plan in place on what was the next step. It was never a good day when I had to break the news. Would your organization know what to do if the law came knocking?

Answers

Honestly, we have work to do to be prepared for such a situation. Our organization knows to direct the news and the messenger to our Legal and IT teams. Both teams know how to understand the message and findings, understand impact to consumers and us, inform our cyber security insurer & exec branch, and prepare for response and corrections. We are in the process of defining our process regarding who all to call first, record incident details, in parallel stop the bleeding, inform customers, fix the issue and build prevention procedures to avoid a bad day like this etc. We have made progress; we aren't just there yet.

I'd love any advice from you, Scott, and others on what you recommend organizations should do to prepare for such a situation, and areas to work on to prevent having a bad day.

Chirag Shukla on Aug 14, 2019
• 2

Similar to Chirag, we have improvements to do with our planning and preparedness. Where we have done some things - we have policies in place to know how to react, what we need to do, notifications with regards to breach, and our Privacy/Compliance team puts efforts in to understand national and international laws. We use this to improve our overall readiness, such as hard drive encryption and other measures.

Another thing that we've been doing is tabletop exercises. We've been conducting about 1 per quarter with different scenarios. We include IT, HR, and Legal, plus any necessary individuals with focus on our exercise topic. We use this to improve our processes and better overall preparedness.

Ken Smith on Aug 14, 2019
• 2