What to do when the worst happens: cyber-attack

Two private equity service providers had to put their cybercrime response plans into practice in June when they were affected by a global malware attack. Systems at fund administrator TMF and law firm DLA Piper were infected by a virus that spread to 64 countries.

While prevention is of course better than cure, no cybersecurity program is 100 percent impenetrable. So what should you do if the worst happens and your firm is the victim of a cyber-attack? pfm asked legal and technology sources to find out.

Mobilize the incident response plan

The importance of keeping the incident response team and plan up to date is evident as soon as they are triggered. Private fund firms should ensure the team includes a cross-section of employees so that breaches across the business can be responded to effectively. It should also include staff from the organization’s legal team and possibly external counsel.

Secure systems and ensure continuity

Securing systems will ensure that the breach is contained. The organization may have to isolate or suspend a compromised section of its network temporarily, or shut down the entire network.

Conduct an investigation

The firm should nominate someone to head an investigation and ensure they have the right resources. All steps taken during the investigation must be documented as they may be required by regulations, law firm Herbert Smith Freehills says.

Manage public relations

Poor communication following an attack can have worse consequences than the attack itself, according to Deloitte. Management’s response can contain or escalate an incident.

Address laws and regulations

Compliance teams should be aware of their obligations and the time frame in which they are required to report a breach. They may also be required to notify individuals whose data have been compromised.

Response plans should be constantly evolving, but the more comprehensive and tested a plan, the better the management of an incident will be. While the advice doesn’t need to be followed to a T, a firm should bear the response guidance in mind if – or when – it falls victim to a cyber-attack.