Cybersecurity Threats and Data Security Breaches

Companies of all sizes and in all industries face cybersecurity threats on a day-to-day basis. If your company’s data security protocols have been breached, or if you are concerned that they may have been breached, it is important that you investigate promptly.

Perhaps no issue keeps more business owners, company executives, and in-house attorneys up at night than the risk of a data security breach. This has unfortunately become a pervasive issue in today’s world, and no company is immune from the risk. Cybersecurity threats and data security breaches can have immediate and long-lasting repercussions, and companies that fail to respond appropriately can face reputational harm, civil lawsuits, and federal penalties.

Hackers and data thieves are becoming increasingly sophisticated; and, today, it is not always readily apparent that a data breach has taken place. While some breaches will be obvious, and perhaps even brash, others will be far more difficult to discern. For this reason, if anyone within or outside of your company raises any concern about a potential breach or threat, you need to take it seriously. You need to investigate, and you need to respond appropriately if a breach has in fact occurred.

Corporate Investigations Counsel for Cybersecurity Threats and Data Security Breaches

At Oberheiden, P.C., we serve as investigation and defense counsel for companies facing cybersecurity issues across the country and around the globe. We also provide cybersecurity compliance representation, and this allows us to offer valuable insights and actionable guidance during investigations and federal enforcement proceedings. Since we understand what it takes to develop and maintain a compliant cybersecurity program, we also know how to spot shortcomings; and, since several of our attorneys are former prosecutors with the U.S. Department of Justice (DOJ), we know what the federal government will be looking for if it chooses to investigate your company’s data security breach as well.

If your company’s data security has been compromised or if you are concerned that I have compromised it, you do not have time to waste. Call us 24/7 at 888-680-1745 to speak with member of our investigations team in confidence.

Investigating an Actual or Potential Corporate Data Security Breach

When investigating an actual or potential corporate data security breach, there are several factors that require extremely careful consideration. As your company’s investigations counsel, we will guide you through matters including:

• Identifying the Source of the Threat or Breach – Where were your company’s logical controls and data security protocols deficient? Did hackers or data thieves exploit a flaw in your company’s privacy software, or did they take advantage of an unsuspecting or compromised employee? Identifying the source of the breach is the first step toward implementing a remedy.
• Identifying the Scope of the Threat or Breach – What type of data has been exposed? Sensitive corporate data? Employees’ personal information? Customers’ or patients’ personal information? How much data was stolen? The answers to these questions will determine your company’s legal obligations and guide subsequent measures during and after the investigation.
• Identifying the Destination of Your Company’s Data – Why was your company’s data stolen? Where are the data being sent? Is there a risk of the data being made public? Hackers and data thieves can many different motives, and identifying the destination of your company’s data will be critical to determining what countermeasures are necessary as well.
• Breach Notification and Voluntary Disclosure – Are you required to disclose the breach? Depending on the nature and scope of the breach, your company may have a legal obligation to notify individuals whose personal information has been compromised, and your company could also have an obligation to self-disclose the breach to federal authorities.
• Confidentiality, Documentation, and Attorney–Client Privilege – How can you keep the breach confidential? How long can you keep it confidential? What documentation do you need to create during the investigation to protect your company, and how can you ensure that the attorney-client privilege is preserved? These are critical questions during all types of investigations into companies.
• Ongoing Threat Assessment and Remedy – What controls does your company need to implement in order to curtail the threat of additional data loss? What other corrective action is necessary? Concurrent with the investigation, your company should also revisit its compliance and risk mitigation policies and procedures to determine what additional efforts are required.
• Federal Investigation and Enforcement – Is your company at risk for federal penalties as a result of the breach? Data breaches that implicate the Computer Fraud and Abuse Act (CFAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, and various other statutes can lead to federal investigations and enforcement action.
• Class Action or Individual–Plaintiff Litigation – What is the risk that your company will be sued? How can you mitigate your company’s risk during the investigative process? If the breach involved personally-identifying information (PII), consumer financial information, or health data, then you may need to begin preparing for the possibility of class action litigation or multiple individual-plaintiff lawsuits.

Conducting an Efficient and Productive Cybersecurity Threat or Data Breach Investigation

Conducting a cybersecurity threat or data breach investigation efficiently and productively requires a systematic approach that follows well-defined protocols. At this point, maintaining control is critical, and this applies to everything from determining who has access to information about the investigation to determining your company’s next steps. If your company’s data have been compromised, you are already playing catch-up, and you cannot afford to get any further behind. You need to uncover the source of the breach, you need to decide when and how to disclose any information that needs to be disclosed, and you need to have a proactive response ready if federal authorities come calling.

So, how do you conduct an appropriate investigation, and how do you do so quickly before the situation gets beyond your company’s control? Some examples of critical steps include:

1. Engage Technical Experts

In order accurately determine the source of the breach and assess your company’s ongoing cybersecurity risk, it will be necessary to engage technical experts who have the ability to investigate the matter effectively. While this may mean utilizing your company’s in-house IT experts, it may also be necessary or advisable to seek outside help.

2. Sequester Sensitive Information

During the investigative process, all sensitive information regarding the breach (or potential breach) should be appropriately sequestered. While there may come a time when disclosure is necessary, you do not want any information getting out until your company is prepared to control the narrative.

3. Build Your Team

In addition to forensic data security experts, your investigation team will also need to include outside investigations counsel, in-house counsel, members of the company’s leadership team, and potentially certain other personnel as well. Decisions regarding who to bring into the investigation should be made strategically; and, once the team has been assembled, roles, reporting structures, and confidentiality obligations should be clearly established.

4. Build Your Strategy

Conducting a cybersecurity threat or data security breach investigation needs to be a strategic affair. Everyone involved should be making fully-informed decisions every step of the way, and next steps should be determined based on an overall strategy focused on protecting the company’s legal and financial interests.

5. Reach a Definitive Conclusion

When conducting any type of corporate investigation, guesswork is off of the table. The investigation needs to be efficient, but it must also only be concluded once you have a definitive understanding of where, why, and how the threat arose or the breach occurred. This conclusion needs to be clearly documented, as do all of the investigative measures and intermediate conclusions that were relied upon during the course of the investigation.

6. Determine the Necessary Next Steps

Once you know what happened, then you can determine what steps your company must take following the investigation. As noted above, this may include issuing data breach notifications, self-disclosing the breach to relevant federal authorities, and taking remedial action internally. All decisions regarding next steps must be fully informed, and any updates or modifications to your company’s cybersecurity policies and procedures should be designed to meet or exceed the relevant legal requirements and current industry standards.

7. Prepare for Litigation

Finally, you will need to assess your company’s litigation risk and determine what proactive defense measures are necessary. Private litigation and federal enforcement litigation are both possibilities, and each requires a very different approach. At Oberheiden, P.C., our lawyers have extensive experience handling internal investigations, federal investigations, and civil and government litigation, and we can provide comprehensive legal advice and representation for all matters related to your company’s cybersecurity threat or data security breach.

Discuss Your Company’s Needs with an Investigations Lawyer at Oberheiden, P.C.

For more information about Oberheiden, P.C.’s investigations practice and our attorneys’ handling cybersecurity and data breach matters, please call 888-680-1745 or contact us online. We are available to speak with prospective clients nationwide 24/7. Call or click now to put our corporate investigation team’s notable legal experience on your company’s side.