What do you do when you or your client is the victim of a cyberattack, i.e., an attack on a computer system or network? This is an increasingly pressing question: a RAND Corporation study finds that the frequency of cyberattacks on American companies is increasing, with the average hacker attack costing about $500,000. Because cyberattacks usually occur without warning, leaving website operators insufficient time to assess and respond to the situation, you need to have a plan in place before any attack occurs. Any response plan for a cyberattack should focus not only on getting the system back up and running, but also on preserving evidence for possible use in a later civil or criminal case. Here’s a general outline of actions to consider if a hacker attack or other network disruption occurs:
- Make contact. Contact legal counsel, local law enforcement, any applicable insurance carriers, and the website host or internet service provider. Also, if unencrypted personal information is maintained on the website, be sure to comply with CC §1798.82 and notify all those affected.
- Assess the damage. Take stock of physical damage to hard drives or electronic files and assemble evidence of any damage, including evidence that the attack compromised trade secrets or confidential proprietary information. Assess any damage caused by network downtime and impairment of service availability to customers.
- Track costs. Keep track of the costs of all remedial work undertaken and expenses incurred as a result of the attack, including the cost of hiring third-party consultants, loss of productivity, and lost profits. Don’t forget any hardware and software costs.
- Preserve evidence. Back up the computer or server that was accessed, then isolate it in a secure location to preserve any clues to the intruder’s identity. Shut down or reconfigure the system if possible so that it does not run utility programs automatically. Automated maintenance or utility programs can delete and recycle data on a hard drive, potentially destroying evidence.
For the complete checklist on responding to a cyberattack, go to §18.23 of CEB’s Internet Law and Practice book.
© The Regents of the University of California, 2010. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.