Large scale cyberattacks have become more frequent and disruptive as major businesses and even public services have suffered breaches. Even with the best prevention measures in place, it’s wise to be prepared in the event those safeguards fail.
As home to a wealth of sensitive client information, every legal practice should have a plan in place to deliver a quick, reassuring response in the event of a data breach. If you don’t already have such a response plan, here’s a quick guide to building one according to various security experts:
Start by outlining a range of possible scenarios from minor data breaches all the way up to whatever you consider to be your worst case scenario. Having these laid out will help you not only recognize an issue when it is happening, but will give you an immediate action plan for a quick, precise response.
Document who is responsible for each action that needs to happen. If that includes external partners, keep a document updated with their current contact information in your plan.
Write your communications now
Communicating with affected clients will be one of your top priorities in the event of a data breach. With communications pre-written, you can simply fill in the details and send it out before your customers hear about the issue from anyone else. Home Depot became the model for what a good response looks like after their massive 2014 data breach. They responded quickly and candidly by detailing what happened, the steps they’re taking to prevent future issues, and offering a genuine apology plus a year of free identity protection services. Ultimately, this approach retained their customers’ respect and loyalty.
Have a contingency plan for everything
What happens if the person responsible for notifying clients is on vacation? What if the cyberattack has temporarily knocked out your email system? Have a contingency plan ready for every scenario so you’re not scrambling in the moment. Assign back-up individuals for each task and brainstorm the various communication methods you have at your disposal.
I hope these tips are helpful in building your own response plan (but also that you never actually need to use it)!