Cyberattacks continue to be a top concern for many security professionals in diverse industries, and indications are this is a trend that is likely to continue to increase with emerging technology.
A single breach of an organization is not only a reputational risk; it can also be very costly. It is projected that cybercrime will cost $10.5 trillion by 2025.[1] Having a well-documented and tested Incident Response Plan (“IRP”) can greatly mitigate exposure and reduce recovery time in the event of a successful attack. Incident response planning is essential to a law firm’s cybersecurity platform. In fact, the first question a regulator often asks after an incident is reported is whether or not the company had an IRP.
The Who
Lawyers are required to understand the technologies that they use in their daily practice of law. Comment 8 to American Bar Association (“ABA”) Model Rule of Professional Conduct 1.1, Competence, specifies: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
As part of the attorney-client relationship, attorneys and their respective law firms are required to maintain client confidentiality. As specified in ABA Model Rule of Professional Conduct 1.6 (c) Confidentiality of Information, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
Comment 18 to ABA Model Rule of Professional Conduct 1.6 discusses the importance of “reasonable efforts” to protect information related to the client representation. “The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).” Establishing an IRP is part of the reasonable efforts law firms may take to protect client information and know how to respond when it is compromised.
[1] 2023 Official Cybercrime Report
The What
Many Incident Response Plan guides are available to businesses, and law firms in particular have been a popular target for cybercriminals. As recognized by the FBI[2] and the ABA, law firms hold a great deal of client data that may be monetized by bad actors.
Cybersecurity professionals often follow National Institute of Standards and Technology (“NIST”) guidance for Incident Response Plans. For this article, we will reference NIST guidance for best practices; however, your business may follow other guides to accomplish the goals best suited to it.
It is important to note the differences between an Incident Response Plan, a Business Continuity Plan and a Disaster Recovery Plan:
An Incident Response Plan (“IRP”) is a set of documented procedures detailing the steps that should be taken in each phase of an incident. It should include guidelines for roles and responsibilities, communication plans, and standardized response actions.
A Business Continuity Plan (“BCP”) should include steps to maintain or resume business operations during a disaster or other unplanned incident.
A Disaster Recovery Plan (“DRP”) is the process of recovering business functions and systems after an event.
The NIST process emphasizes that incident response is not a linear activity that starts when an incident is detected and ends with recovery (as shown above). Incident response is a circular process, with continuous learning and improvement to discover how to better detect and respond to future incidents. Planning and preparation are vital to the IRP process.
The Why
These are the main reasons to have a strong incident response plan in place:[3]
- Prepares for Emergencies – most security incidents happen without warning, so it’s essential to prepare a process ahead of time;
- Repeatable Process – without a tested incident response plan, teams cannot respond in a timely manner;
- Coordination – it is vitally important to have a coordinated response where everyone is aware of their roles and responsibilities and can act in a coordinated manner;
- Identifies Gaps – frequently testing an incident response plan exposes obvious gaps in the security process which can be addressed before a crisis occurs;
- Practice Makes Perfect – an incident response plan creates a clear, repeatable process that is followed in every incident, improving coordination and effectiveness of response over time;
- Documentation and Accountability – an incident response plan with clear documentation reduces an organization’s liability – it allows you to demonstrate to compliance auditors or insurance companies what was done to prevent the breach.
The How
Creating an Incident Response Plan
Creating a clearly defined Incident Response Plan will enable law firms to outline procedures for detecting, controlling, and remediating security incidents so that employees know how to respond to security events when they occur. Preparation is critical for an effective Incident Response Plan.