More On

Technology: Effectively responding to a network intrusion

6 things to do in the first week after a breach

In our first article, we suggested several practical steps in-house counsel should take in order to enhance their companies' network security, prepare their companies to respond effectively to a network intrusion and protect their companies from some of the potential legal consequences of an intrusion. No matter how forward-leaning your company is in preventing and preparing for intrusions, however, you are unlikely to be able to stop a persistent, sophisticated intruder from compromising your network.

As Alan Paller, director of research for the SANS Institute (a provider of network security and training certifications) recently observed, "nation-states willing to spend unlimited amounts of money for technology, intelligence gathering and bribery can overcome just about any defense."

4. Contact insurance carriers and document loss: In developing your IRP, you will have reviewed your company's insurance policies to identify coverage areas and fill in any gaps. You can protect your company from suffering a big hit to its bottom line by notifying your insurance carriers early and documenting the losses and response costs associated with a computer intrusion so that you can submit them for recovery.

5. Assess legal risks and obligations resulting from intrusion: As part of preparing to effectively respond to a network intrusion, you will have identified protected or sensitive information on your network, considered duties of confidentiality arising out of contract or common law and reviewed your company's network security policies and practices. You will be well-positioned, as the details of the intrusion become clear, to determine whether and to whom breach notification must be given, to assess potential litigation risks and to suggest steps your company can take to minimize such risks (such as credit monitoring and identity theft insurance).

Contributing Author

author image

Todd Hinnen

Todd Hinnen is a partner in Perkins Coie's Privacy & Security practice. Prior to joining Perkins Coie, Todd was the Acting Assistant Attorney General for...

Bio and more articles

Contributing Author

author image

Michael Sussmann

Michael Sussmann is a partner in Perkins Coie's Privacy & Security practice, where his practice covers Internet-related crimes, electronic surveillance, regulatory compliance, white collar defense,...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.