Navigating a Security Incident – Do’s and Don’ts – Technology


United States: Navigating a Security Incident – Communication Do’s and Don’ts


The process of responding to security incidents inevitably brings a myriad of challenges for a business unlucky enough to experience them. While implementing an appropriate communications strategy may not be high on the list of initial concerns for a business plagued by a ransomware attack or other type of security incident, it should be. Proper communication discipline will help protect solicitor-client privilege and similar legal protections and mitigate the significant risks (legal, reputational, financial) associated with the unintentional disclosure of incident-related communications.

With that in mind, we’ve included a set of Communication Dos and Don’ts to help businesses approach this aspect of the incident response process. To implement the dos and don’ts, we recommend that companies incorporate these principles into their incident response plan and disseminate them to the incident response team at the start of each incident response effort. It will also be important to remind internal teams and external service providers that while copying internal or external legal counsel on communications and designating documents as subject to attorney-client privilege and/or as “work product” are important steps, doing so will not automatically create the relevant legal privileges. In addition, there is always the risk that communications may be inadvertently sent to the wrong recipients and/or acquired either through legal proceedings or by the bad actors themselves. Therefore, it is essential to think carefully about the content and the delivery method in order to mitigate the inevitable consequences of a security incident and to move forward as quickly as possible.

Communication Dos and Don’ts

  1. DO communicate by phone if possible.
  2. DO include a project name (for example, “Yellow Project: Content of Notification”) in all emails and other written communications.
    • In some situations, a communication may need to be addressed to a smaller group. In these cases, the other dos and don’ts should still be followed.
  3. DO mark all emails regarding legal advice, legal analysis, litigation strategy and risk as “privileged and confidential” and include designated counsel (internal and/or external) on all such communications.
  4. DO designate emails as “private”.
  5. DO limit the content of emails to factual and/or objective information, to the extent possible. If an email communication contains work product or content subject to solicitor-client privilege, do not forward it to anyone outside of the original distribution list.
  6. DO assume that any written communication could ultimately be discovered or made public at some point (i.e., whiteboard test).
  7. DO segregate written communications in a separate and designated (secure) location and maintain communications in accordance with all litigation hold instructions.
  8. DO start a new discussion thread and pay attention to the necessary recipients of the information in the email. Send the email only to those who need to know the information and confirm the recipient list before pressing send.
  9. DON’T include subjective conclusions/assessments (e.g., “that was a big mistake”, “our systems were not sufficiently protected”) in email communications.
  10. DON’T disseminate forensic or other reports by electronic mail, especially in draft form. Reports should be reviewed using a screen sharing application or similar means, and any distribution by email or otherwise should only be done when the report has been finalized and under the direction of the lawyer.
  11. DON’T communicate about the incident through other unofficial means (e.g., SMS, instant messaging, other non-company communication applications), unless the nature of the incident requires the use of an approved secondary communication method.
  12. DON’T destroy or delete any written communications relating to the incident until you receive specific instructions to do so.
  13. DON’T transmit communications by electronic mail.
  14. DON’T keep using the same thread for new topics, and avoid reflexive “reply all” responses.
  15. DON’T mix legal and business advice; use separate communications.

If in doubt, pick up the phone and seek the advice of your internal or external legal counsel before sending a written communication. Communication is a key and integral part of a strong incident response, and having and following your protocol provides a mechanism to quickly inform stakeholders, coordinate internal and external stakeholders, monitor customer or employee sentiment, and minimize disruption and damage to reputation, while protecting your business interests and legal privileges.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

