Recent cybersecurity attacks targeting both the public and private sphere has emphasized the need for law firms and legal departments to be prepared to properly address a security breach.
Michael Dicke, co-chair of Fenwick’s securities enforcement group, and other speakers shared insight at the recent Legaltech West Coast Conference on the role of information governance in mitigating breach exposure.
Dicke warned against retaining excess data both as a means to ward off cybercriminals and, increasingly, government regulatory agencies like the Consumer Financial Protection Bureau (CFPB) that have recently become far more aggressive in combating poor cybersecurity practices.
In addition, Dicke recommends that "every organization [have] a breach incident response team and a plan in place and a real plan that gets tested." The team should include the presence of a CIO or CISO in order to oversee organization and protection of sensitive data as well as to navigate the “patchwork” nature of disclosure laws that trigger post-breach.
In the event of a breach, quick action is vital, Dicke said. "What hasn't sunk in is how many mistakes can be made in the first 24 to 38 hours that really hamstrings a company."