The Wrong Way to Respond to a Data Breach


By: Dave Cole

In a recent interview with Entrepreneur Magazine, the former general counsel for the National Security Agency shared his top three mistakes that businesses make when responding to a data breach.  You can read the complete article here, but these are the highlights:

1. Treating cybersecurity like it is only a “tech department” issue.  In reality, it should be a core value in every organization, which means it must originate from the top, have buy-in from everyone in the organization, and be a consideration in every facet of your business.

2. Share the right amount of information at the right time.  You need to find a balance between rushing to notify people before you know all of the details, and going in the opposite direction and losing credibility by not sharing enough or sharing it too late, and thereby losing credibility.  It is important to work with counsel who is experienced in data breach responses to help you make these decisions and find the right balance.

3. Not having all of the relevant players in the loop ASAP.  Having your response team established ahead of time is critical to ensuring that everyone on the same page and able to contribute to the response process and communicate effectivity and cohesively.

These are good tips and echo many of the points we have discussed before in this blog in and in our seminars.  They underscore the importance of having a data breach response plan in place and taking the time to prepare in advance for the potential of a data breach.  The FMG Cyber Toolkit is designed for just that reason and provides everything your organization needs from a document standpoint to be prepared. To discuss the toolkit for your organization, as well as training that is available for your workplace, please contact one of our Data Security, Privacy & Cyber Liability practice team  attorneys.