The Department of Justice (DOJ) is the latest U.S. government agency to offer cybersecurity response tips to the business community. Late last month, the Securities and Exchange Commission also weighed in on cybersecurity response tips.
The DOJ cybersecurity response tips provide “best practices” to assist organizations in preparing a cyber incident response plan. They are specifically intended for small businesses, which often lack the resources (both technical and financial) of larger organizations. Below is a brief summary of the DOJ’s recommendations for before, during, and after a cyberattack.
Before a cyberattack
- Identify mission critical data and assets (characterized as the “Crown Jewels” by the DOJ) and implement tiered security measures to safeguard those assets.
- Create an actionable response plan that provides specific, concrete procedures to follow in the event of a cyber incident and ensure that all personnel who have computer security responsibilities are properly trained.
- Have procedures in place that will permit lawful network monitoring, which can be essential to detect and respond to a cyberattack.
- Retain legal counsel who is familiar with legal issues that arise during cyber incidents.
- Develop relationships with relevant law enforcement agencies, outside counsel, public relations firms, and investigative and cybersecurity firms that you may need to retain in the event of an incident.
During a cyberattack
- Make an initial assessment of the scope and nature of the incident, particularly whether it is a malicious attack (insider or outsider) and/or a technological malfunction.
- Implement your written cyber incident response plan.
- Collect and preserve data related to the incident, which should include: “imaging” the network; retaining all logs, notes and other records; and maintaining records of ongoing intrusions.
- Notify all relevant parties, such as company personnel, law enforcement, and potential victims.
- Avoid using compromised systems and do not “hack back” against the perpetrator.
After a cyberattack
- Carefully monitor your network to make sure the attacker has been removed and you have regained control.
- Perform a post-incident review to identify any weakness in the development and/or execution of your incident response plan.
While it seems that everyone has cybersecurity advice these days, given the authority of the DOJ to prosecute organizations that fail to properly address a data breach, the agency’s guidance should not be overlooked. Overall, it provides a useful roadmap of the policies and procedures that it expects to see implemented at U.S. businesses.
Fernando Pinguelo is a trial lawyer who focuses his practice on cyber security, crisis & risk management, eDiscovery, Intellectual Property, Labor & Employment, Business Torts and Antitrust. He is also the chairman of the Cyber Security and Data Protection practice and co-chair of Crisis & Risk Management at Scarinci Hollenbeck LLC in Lyndhurst, New Jersey.