Reputation Management: Protecting law firm data and reputation: A guide to cybercrime mitigation, Part III
Reputation Management: Protecting law firm data and reputation: A guide to cybercrime mitigation, Part III
By Gina F. Rubel
This is the third in a series on the basics that law firm leaders must know about cybercrime.
A comprehensive, well-developed incident response plan (IRP) developed with risk assessments that identify potential threats and catalog and prioritize an organization’s assets is critical to a firm’s cyber defense system.
IRPs address the firm’s specific needs, vulnerabilities, and operational environment, and are not one-size-fits-all. IRPs should align with the firm’s key clients and stakeholders, the industries the firm serves as well as local and federal regulatory guidelines. It is essential to define thresholds for escalating incidents to ensure swift and appropriate action when breaches occur.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published the basics of an effective IRP. Key advice includes meeting your CISA regional team, local FBI representatives, and police, before a cyber incident occurs. Print out their contact information and keep it with a hard copy of your IRP in a secure location. Research conducted by IBM shows that 37% of organizations that did not involve law enforcement in a ransomware attack led to higher costs and experienced a 33-day longer breach lifecycle.
During an incident, your internal email, chat, and document storage services may be down or inaccessible. Your IRP should include a data recovery process, ensuring that critical systems and data can be restored quickly and securely after an attack.
Your IRP should also define clear roles and responsibilities within the firm. A typical incident response team (IRT) includes members from IT, legal, HR, communications, outside counsel, and senior management.
Creating an IRP and identifying an incident response team are not enough. Regular drills and tabletop exercises with your response team and other stakeholders are essential to ensure that the response plan is workable and that response team members understand their roles in a real-world scenario. Practicing under realistic conditions ensures the IRT can execute the plan efficiently, minimizing confusion during an actual incident. This preparedness helps mitigate potential damage, reduce downtime, and manage reputational damage. According to the IBM research cited above, organizations with robust IRPs and testing saved $1.49 million compared to those which did not.
Communicating during a cyber incident
Once an attack is detected, firms must immediately activate their IRP. The response team needs to gather facts, assess the extent of the breach, and contain the incident to prevent further damage. Initial internal communication should alert relevant departments and halt any operations that may exacerbate the breach, such as shutting down affected systems.
Immediate response
Effective communication is crucial during the initial hours and days following a cybersecurity breach. All communication should be directed through the previously designated incident commander, per the IRP. Whether you manage crisis communications in-house or work with an outside agency, a well-structured communication strategy is vital to ensure smooth internal and external communication during a crisis. Accurate and timely communication with external entities, including insurance providers, IT partners, third-party service providers, clients, and law enforcement, is essential to resolving the matter with professionalism and without penalties. While the SEC on July 26, 2024, adopted new rules requiring public companies to disclose cybersecurity incidents, most analysts agree private firms should also follow the same guidance.
Internal communication
Keeping employees informed and engaged through official communication channels, like email or internal messaging platforms, is essential during a cyber incident. It is important to provide clear instructions to avoid misinformation. Employees can help mitigate the damage by following specific security protocols and reporting suspicious activity. Frequent updates from firm leadership can help maintain morale and reduce anxiety among staff, ensuring that everyone understands their roles in the response and recovery process.
External communication
Managing external communication involves even greater planning. Maintaining solid relationships with insurance providers, outside counsel, the media, and clients will help to control public perception. But this is not to say that firms should necessarily alert the media immediately. Your plan will dictate your communication tactics. However, positive relationships go a long way toward mitigating further damage.
According to your plan and your insurance provider, clients and others affected by the breach will need to be notified as soon as possible with clear, transparent information about what happened, how it impacts them, and what steps the law firm is taking to resolve the issue. Efforts should focus on transparency, addressing concerns openly while avoiding technical jargon that could confuse or alienate those affected. Coordination with the firm’s internal general counsel and outside counsel is essential to ensure any internal or external communication follows firm messaging guidelines and complies with insurance, professional responsibility, and regulatory requirements, minimizing potential liability.
Transparency
Balancing transparency with protecting sensitive information is fundamental to successful crisis communications. Law firms should aim to disclose what they know promptly and truthfully, without revealing information that could aid attackers in further compromising security or negatively impacting clients and others. Clear, consistent messaging reassures stakeholders while maintaining trust.
Rebuilding and maintaining reputation after a cyber incident
Post-incident review
After a security incident, rebuilding your firm’s reputation begins with a thorough post-incident review. By analyzing the breach and determining what went wrong, law firms can identify vulnerabilities and understand how attackers accessed sensitive data. In addition to assessing the IRP’s effectiveness, by acknowledging areas for improvement and taking responsibility, the firm demonstrates to stakeholders and clients that it is taking a proactive approach, setting the stage for rebuilding trust.
Strengthening security posture
To prevent future incidents, it is essential to implement lessons learned from the breach. Among the steps to strengthen a firm’s security posture are conducting regular security audits and vulnerability assessments to help ensure that new defenses are holding up against evolving threats. Training staff on cybersecurity best practices and reinforcing policies like password management, phishing awareness, and response protocols also play a critical role in fortifying the organization’s defenses.
Reassuring clients and stakeholders
Demonstrating a strong commitment to cybersecurity and transparency is key to restoring stakeholder confidence. Clients and stakeholders need reassurance that the organization is taking appropriate measures to protect their data. Openly communicating about the enhanced security steps helps rebuild damaged relationships. Prompt and candid responses to any follow-up inquiries are also crucial.
Ongoing communication strategy
Maintaining a transparent, ongoing communication strategy is essential for reinforcing trust in the long term. Keeping clients, employees, and the public informed about security improvements and initiatives shows continuous commitment. This can be achieved through regular updates via newsletters, press releases, or company blogs that detail new security measures, certifications, and advancements, demonstrating an organization’s proactive stance in safeguarding data and mitigating future risks.
Gina Rubel is the CEO and general counsel of Furia Rubel Communications. She educates professionals on devising and implementing strategic communications plans to manage their reputation, develop and attract top talent, and drive business success. She is the host of On Record PR. Gina can be reached on LinkedIn at https://www.linkedin.com/in/ginafuriarubel/.
Share this story, choose a platform
Brought to you by BridgeTower Media
Free Weekly Newsletter
Recommended content
Legal Ethics: Navigating the ethical challenges of advertising and solicitation in the digital age
Legal Ethics: Navigating the ethical challenges of advertising and solicitation in the digital age By Sari W. Montgomery In the [...]
As the year ends, is your legal talent development strategy ready for 2025?
Eric Wangler – President, Global Legal Market, BigHand As the end of the year approaches, many U.S. law firms are [...]
Branding a law firm: How it puts you ahead of the crowd
The author argues that a “true” law firm brand should say as much about a firm’s customers as it does [...]
As holiday season arrives, the U.S. braces for looming risk of cyberattacks
Security experts say the end-of-year holiday period presents the kinds of staffing disruptions and office distractions that make firms more [...]