Incident response team
Define clear roles and responsibilities for incident response
internally (including communications and other departments) and
externally (including managed security service providers, forensics
consultants, public relations advisors, external legal counsel and
insurance providers) and keep a contact list of those involved
(including back ups).
Engage external firms and service providers now, so that they are
prepared in the face of a cybersecurity incident. Involve and
coordinate with the insurance provider during this process, as the
insurance provider might only work with select firms and service
providers.
Develop a legal privilege and legal compliance strategy. Working
with external legal counsel as a cyber coach, rather than other
types of experts, will preserve solicitor-client privilege and
litigation privilege and ensure organizational legal compliance
when responding to a cybersecurity incident. See BLG’s previous
article Cybersecurity incident response – Tips from the
trenches.
Define communication channels internally and externally and prepare
a communication plan if the organization’s business email
service or…
