Incident Response Plans: Getting Prepared

By Chris Combs

Brainstorming, teamwork, university.

You’re never quite prepared for it. Your focus has been on growing the business and not as much on security or planning for an unforeseen incident. But this happens more often than you might think.

As an In-House Counsel or CFO, it is up to you to set the standard for protecting the company. In the beginning stages a company is really focused on growth, and while you can't predict an attack, you can help your company by getting prepared in case. Here are 4 steps to prepare your team for a legal incident:

1. Identify your team to help – An incident response team is made up of more than a legal team member and a marketing executive. A true response team has dedicated PR, sales, account management and application security specialists with backgrounds in crisis management. Here’s what to look for when you’re putting together your team:

Depending on your product, you will likely need engineering and devops team members. Ideally, you have someone that is capable of leading the technical response to a security breach. This person must know the product in detail, and be able to communicate clear direction to their peers under pressure. When you have this base covered, it’s easier to focus on your company’s public perception. And when you get hacked, this should be the focus.

Your PR representative is the other crucial piece of this plan. They will ensure that there’s proper communication between internal and external teams throughout the process. They will need to interpret the incident, understand and communicate what’s being done to solve it, and put together the best possible response plan tailored to all involved parties. When you’re looking at the team member for this role, make sure they demonstrate an ability to think quickly on their feet and under pressure.

2. Establish prevention and incident response policies – These policies should touch every business unit and cover all employees. Start with the question, “what would you do if…” and go from there. Make sure you highlight what can and cannot be said after a breach, who is allowed to talk to the media, and what happens when someone does not comply with corporate policies.

Confirm this with your legal and HR constituents so that everyone is on the same page. But keep in mind, these policies should not always be set in stone. They should be consistently revisited to make sure that they cover current threats. In this dynamic digital world, new threats come up every day. Don’t let your company fall behind.

3. Set and approve a budget – What if someone told you that one incident could lose 50% of your customer base? It’s tough to set aside money for non-revenue-generating tasks. And it’s even tougher to set it aside for unforeseen circumstances. But this budget may turn out to be critical for your team. You’ll be thankful that you don’t have to go find budget on short notice in the event of an emergency.

Many companies struggle responding to these difficult scenarios, and understandably so. Too often, they fail to set aside the funds necessary to respond, work with external teams, and repair their product and brand.

4. Back-up and secure files, systems, and key information – As most companies know, setting up a secure infrastructure should be a top criteria from the start. When it comes to IP, contracts, transaction data and personal data, it all should be thoroughly protected.

When it comes to protecting your contracts and reviewing customer agreements quickly, LinkSquares can help save teams exponential time and money. With this contract search and reporting system, you can rest easily knowing that if a legal incident does happen, your customer agreements will be available for any review on short notice. Now your legal team can send the account team a list of the customer who need to be notified and how much time you have to notify them. 24 hours can be a short time to notify a customer and a mistake may result in a lawsuit.

Make sure you and your team are prepared and ready! Good luck!

Topics: legal team communication

Comments