“We’ve been hacked! What did we lose? We don’t know yet. When did it start? We don’t know that yet either. What do we do next? Who do we contact FIRST?”
- IT Provider
- Cloud Provider
- Clients or Customers
Making this decision in the heat of a crisis is not ideal. To minimize business impact and cost, do you know exactly what to do when your business gets hacked?
The right answer? B. Attorney. Getting legal help immediately is the correct answer in most situations. One big reason is attorney-client privilege; you and your attorney control information release and can shape the messaging. Secondly, breach notification requirements vary based on location. Careful compliance assessment and prompt action can avoid significant penalties.
Obviously, your IT staff will also assess the situation in parallel. Some businesses choose to recover as quickly as possible—an approach that can leave your operations vulnerable to the same attack. Professional cyber security support may be required to determine root cause and identify mitigations to prevent future attacks.
To prepare effectively, get help. Do you have an Incident Response Plan? If not, LP3 can help. Contact LP3 for a comprehensive vulnerability and business risk assessment.