Follow Kara Linkedin Twitter Facebook
Email Kara Email
Legal Issues
May 1, 2016

Creating A Breach Response Plan For A Cyber Attack

Sponsored Content provided by Kara Gansmann - Attorney, Cranfill Sumner & Hartzog LLP

In this series on liability for cybersecurity breaches, the fifth component of a sound cybersecurity plan includes developing a breach response plan for when or if your business is hacked. The breach response plan should identify the employees and vendors who will implement the plan, develop a timeline for your plan, and incorporate the following objectives.
 
Know Your First Steps 

  • Identify what data was compromised. The type of data – whether it’s financial data or consumer data, for example – may dictate your business’s response and implicates the potential for liability. Also, determining whether the data was encrypted and whether and how much data was removed from your system will help you decide what response is necessary.
  • Locate the source of the breach. Not only should you determine the source of the compromise, you should also determine the size of the breach.
  • End vulnerabilities. If a computer is compromised, disconnect it immediately from your network. Ensure your firewalls are still working. Patch any known vulnerabilities in your software.
Know Who to Call
  • Call your cybersecurity experts. These experts will isolate the breach and identify remaining threats.
  • Inform your cyber insurer. Your cyber insurance policy may defray the costs of a response, ranging from an initial $2,000 to $10,000, or even cover the higher costs of litigation arising from the breach.
  • Call your legal counsel. Keep your attorney updated to learn what materials are necessary to retain for any litigation or regulatory investigation. 
  • Notify consumers. North Carolina law requires notification to consumers affected by the breach. Know the laws on how and when to inform consumers. If you have a privacy policy for your customers, ensure compliance with that policy to minimize potential for liability. Liability may turn on the adequacy and timing of your notice to consumers.
  • Contact the North Carolina attorney general. North Carolina law also generally requires businesses to inform the Consumer Protection Division of the state attorney general’s office of a breach involving personal information.
  • Advise your vendors or other business contacts. To further limit your liability, if you have vendor contracts, you may be required to inform vendors of a data breach. Even without a contract, to maintain goodwill with these professional contacts who might be affected by the breach, you should inform them of the breach. 
  • Consider whether a PR professional can help. The damage to your business from a security breach is not limited to the cost to deal directly with the breach. Your reputation can suffer the greatest harm, and having a PR professional on your side can help minimize the impact.
Other Considerations
  • Cooperate with law enforcement investigators and consult with legal counsel.
  • Communicate with your employees about the breach and confirm they know the proper responses to customers’ questions about the breach.
  • Plan your business’s responses to media inquiries and ensure that your employees know who is permitted to respond publically for your business.
  • Strategize ways to keep your business running post-breach. 
Kara Gansmann, a North Carolina native, is an associate in Cranfill Sumner & Hartzog LLP’s Wilmington office, where she focuses her litigation and appellate practice on various aspects of labor and employment law, business and contractual disputes, medical malpractice, and HOA matters. To contact Kara Gansmann, call (910) 777-6055 or email her at [email protected].
 

Other Posts from Kara Gansmann

Wbj insights revised 0510 121615113531
Ico insights

INSIGHTS

SPONSORS' CONTENT
Headshot2 3182020512

Save On Cooling/Heating With Dual Zone HVAC Systems

Chris Jones - Green Dot Heating & Air
Aaeaaqaaaaaaaaidaaaajdhiztrkodm0lte2yjetngrkmy1hotrmltawmdvlmwqyztmymw

Getting A Jump On Job Skills

Diane Durance - UNCW Center for Innovation and Entrepreneurship
Alycephillipsnew2

Charitable Trusts Let You Split Gifts Between Philanthropy, Family

Alyce Phillips - Old North State Trust LLC

Trending News

NCino Shares Expected To Begin Trading This Week

Christina Haley O'Neal - Jul 13, 2020

County Releases More Details About Potential Hospital Sale Proceeds

Vicky Janowski - Jul 13, 2020

NCino Raises IPO Value To Nearly $3 Billion; Plans To Start Trading Tuesday

Staff Reports - Jul 13, 2020

Wells Fargo Plows PPP Proceeds Into Small Business Relief Programs

Jenny Callison - Jul 13, 2020

In The Current Issue

Dosher Memorial Marks 90th Anniversary

Dosher Memorial Hospital in Southport recently commemorated its 90th anniversary. The critical access community hospital opened June 2, 1930...


Industrial Sector Shines In Pender

Industrial commercial real estate gained more attention over the past few months as a sector that’s still doing well, despite an economic do...


Businesses Continue To Adapt To Times

An update on how businesses that were part of the Working Through It series are still coping as a result of the coronavirus pandemic, starti...

Book On Business

The 2020 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

2020 Leadership Accelerator: Virtual Workshops for Real Leaders
2019 Health Care Heroes
August 26, 2019 Power Breakfast: A Healthy Sale?
2019 WilmingtonBiz Expo Keynote Lunch - CEO, nCino, Pierre Naude`