You’ve Been Hacked. Now What?February 23, 2015 – In The News
Scott L. Vernick was quoted in the Network World article, “You’ve Been Hacked. Now What?” Full text can be found in the February 23, 2015, issue, but a synopsis is below.
With data breaches on the rise, many companies have had to face the question of what it should do after it has been hacked.
One of the critical steps following a breach is to deal effectively with legal concerns, starting with having IT, security and other senior executives meet with corporate and external legal teams to discuss the potential implications.
Remediation of the problem could be a long process because the source of the breach may not always be readily apparent, and companies need to ensure any evidence is preserved, says Scott L. Vernick, a noted privacy attorney.
“There’s always one eye toward what law enforcement or an enforcement agency may require, or litigation down the road,” Vernick says.
Companies need to ensure they conduct investigations into the source of a breach without disturbing any evidence. “This can include but is not limited to cloning the server, laptops and desktops; making images of documents so that you are investigating the image as opposed to the original,” he says.
Legal concerns are centered around potential government investigation and making sure that under relevant breach notification laws stakeholders and business partners are informed.
“And then of course you have the potential litigation that flows from that,” Vernick says.
Some reporting policies and procedures are determined by the state breach notification statue or by an industry sector, Vernick notes.
“The bottom line is that organizations should try to be as up front and transparent as possible,” he says. “Some of that is difficult to do because usually it’s a moving target in terms of understanding what happens in developing the information. But certainly with respect to your stakeholders—particularly customers or employees or government agencies—the sooner you’re transparent and the more transparent you are, the better it generally ends up.”
Click here to view the full article.