Having a Cyber Attack Plan Can Avoid Legal Problems
If your business is like most nowadays, you rely upon, if not completely depend on, your technology. Whether it’s local servers, or information in the Cloud, problems with hardware and software can completely stop a business in its tracks.
But even worse than technological problems are technological problems that are a result of malicious activity—viruses, tampering, hacking, and other cyberattacks. Often, the perpetrators are nowhere to be found—hidden behind a wall of technological anonymity, or in foreign countries far from the jurisdiction of the United States.
Many people may not be aware that the Department of Justice actually has promulgated best practices guidelines for business to use when it comes to cybersecurity. Here is some of the advice the Department has for businesses in planning for and avoiding attack—and dealing with an attack if it eventually happens.
- Prioritize – It’s obviously best if you can protect all data on your entire network. But where cost may be a problem, the DOJ suggests prioritizing. What data or services are absolutely crucial to your day to day operation? What information would you need to simply carry on the business in the event of an attack? Prioritizing can help you allocate cybersecurity resources.
- Have a plan – This sounds obvious, but many companies don’t have one. Determine who in the company is responsible for what in the event of an attack. Determine if any vendors or customers need to be notified and who will notify them. Are there any systems that may immediately need to be disabled to avoid further harm? Having a step by step guide with responsibilities delegated will avoid everyone running around confused if an attack happens.
- Have measures to avoid continuing damage – Often, attacks are made worse when employees continue to send data or open attachments after an attack is in progress. Having a procedure to reroute communications, networks or servers, inform employees of what is happening, or block damaging communications can help minimize an attack.
When Legal Counsel May be Needed
In some cases, it may be necessary to get legal counsel involved. This depends on the severity of the attack, the nature of the business, and the information compromised. Obviously if there is sensitive information like Social Security numbers or consumers’ bank account numbers involved, legal counsel may be needed to minimize corporate liability (as well as to ensure compliance with any insurance requirements).
Aside from information being compromised, legal counsel may be needed to appease upset consumers. If your business offers a service to consumers that isn’t offered because of cyber-attack, and consumers seek refunds or damages, counsel may be needed to assess your company’s liability. A customer who gets a T shirt they paid for a few days late may not be a problem. But a customer who was relying upon you to access a vital service or data and suffers damages may well raise legal claims.
Speak with a business attorney about a plan if things go wrong, and have an experienced attorney at the ready to avoid significant problems. Contact Tampa business, asset and probate attorney David Toback to discuss protecting your business in all situations.