If you look at the “Hot Buttons” column in the September/October 2019 issue of the ABA’s Law Practice magazine, you will find the article “Disasters and Data Breaches: The ABA Speaks” written by Sensei’s Sharon Nelson and John Simek. Law Practice magazine is a bi-monthly publication of the American Bar Association’s Law Practice Division.
Excerpt: In our line of work, we see a lot of law firms who have been breached. “Headless Chicken Mode” is our name for the reaction of those who have not prepared for a breach – they have no incident response plan. They run in circles, hysterical, with no idea what to do. Sadly, there are a lot of law firms without an incident response plan – a 2018 study by IBM Resilient and the Ponemon Institute revealed that half of all organizations described their incident response plans as informal, ad hoc, or completely non-existent.
Today, for law firms, not having a formal incident response plan is inexcusable – and unethical under these new opinions. With respect to cyberattacks, our own experience has shown:
- The faster you catch a cyberattack, the less it will cost you and the faster you can recover.
- You are no stronger than your weakest link (usually your employees).
- With a good incident response plan, preparation is 2/3 of the effort, and the remaining 1/3 is solving the problems when an attack occurs.