Martyn McGrath, Director at CyberLaw, takes a look at the importance of implementing an Incident Response plan effectively.
It is right to say that it is not a question of if your business is hacked, but when. Does your organisation have an incident response plan? Would you know what to do in the event of an attack? This article outlines the importance of swift and effective incident response.
In the immediate aftermath of an attack, it is essential that the response of security experts is joined up and coordinated with specialist lawyers for the purposes of legal professional privilege. This is key for not only providing a swift, effective response but also for protecting valuable evidence that may be used in defending regulatory proceedings or bringing either a civil or criminal action against relevant parties. Having both capabilities under one roof brings legal privilege but also saves clients significant cost and complexity.
Having the ability to provide both technical and legal capabilities in one team means that evidence can be analysed, and expert witnesses can be provided to or act for you in litigation. A specialist team can work with in-house legal teams as well as third parties to provide consultancy on issues such as fraud, data breaches, intellectual property matters and takedown requests.
Often overlooked in the event of an incident, is the potential for a conflict of interest between the team handling the incident and the IT team, which may have contributed to the vulnerabilities giving rise to the incident in the first place. Instructing independent advisors can be key in protecting valuable evidence.