Managing a Cyberattack: An Interactive Simulation at the ACC Advanced Compliance Education Summit
It is 3:00 in the morning and your children are safe in bed, but the phone is ringing at the FBI! Sutherland’s Mark Thibodeaux; Cyndi Baily, Chief Compliance Officer at Alere Toxicology; Sarah Sandstorm, Contracts Counsel at KBM Group; and Special Agent Corey Harris from the FBI presented an interactive simulation of a cyber-attack at the ACC’s Advanced Compliance Education Summit yesterday.
The simulation included information on what to do in the event of a cyber-attack or a data breach, including how and what to communicate to various stakeholders of the organization, and how to minimize corporate exposure from such events. The panel also covered ways to develop and continually improve incident response plans, the role that outside counsel play in cybersecurity crisis management, and the potential liabilities triggered by a successful cyber-attack or data breach.
Actionable best practices for in-house counsel discussed include:
- Acquiring cyberinsurance
- Reviewing reporting and governance structure of information security system
- Putting third-party vendor contracts in place for response
- Implementing regular, ongoing employee training
- Periodically reporting to the board of directors regarding cybersecurity
- Developing breach response plans, including identifying a team for regular and ad hoc review and response
- Performing table-top exercises of the company’s breach response plans
- Getting to know your friendly neighborhood FBI cyber team members
- Updating data maps of systems and identifying potential risks of data being involved in an incident, including legal and regulatory risks and reputational harm