Top Five Things To Do When You Detect A Cyber Attack! - a podcast by Tyler Hatch, B.A., LL.B.

from 2019-07-04T16:18

:: ::

Cyber attacks on business and government organizations are exceedingly common these days.  Not all cyber attacks are or result in a data breach.  More often than not, the objective is to encrypt the victim's IT network and demand that a ransom be paid in order to have the data decrypted.


The top five things to do when you detect a cyber attack:



  1. Leave devices running and keep systems functioning and online.  You've already been compromised so you might as well provide an opportunity to the forensics responders to collect the available evidence before contaminating the scene.  Without evidence, there is little that we can determine in the aftermath of a cyber attack.  It is very important to understand precisely what occurred and how in order to prevent it from happening again.

  2. Contact the privacy and data breach lawyer that is part of your incident response plan. Your organization may be facing liability for exposing client data during a cyber attack so it's best to have a qualified and experienced lawyer involved from the start.   

  3. Have your lawyer (see #2!) engage a digital forensics team to collect evidence and respond to the attack.  A qualified incident response team will contain and eradicate the threat or malicious attacker.  Further, and perhaps most importantly, when engaged by your lawyer, all work, evidence and findings by your digital forensics team are protected under solicitor client privilege.  This prevents it from being used against your organization down the road if there is a lawsuit or class action claim.

  4. Report the matter to your cyber insurance provider, if coverage is in place.  Hopefully, you have coverage for the potential enormous losses that can flow from a cyber attack.  It is always recommended that you put your insurer on notice of a potential claim early. 

  5. Conduct a full and thorough investigation following a cyber attack.  Learn what happened in order to avoid having it happen again.  Changes may be required to your IT network.  Your personnel may need to be made more aware of risks related to cyber crime and your incident response plan may require updating following an attack.  This is only possible if you know what happened.


For more information on Cyber Security and Incident Response Plans, contact DFI Forensics Inc.  If you need a contact for cyber insurance or an incident response lawyer, we can provide one in any North American area.



---

Send in a voice message: https://anchor.fm/dfiforensics/message

Further episodes of The Digital Forensics Files Podcast

Further podcasts by Tyler Hatch, B.A., LL.B.

Website of Tyler Hatch, B.A., LL.B.