There are now three things we can be sure of – death, taxes and getting hacked. For each the best defense is being prepared for the inevitable – create the plan, follow the regimen, and accept the bill. But that is easer said then done especially when you just turned on your laptop to bring up the notes for your opening statement, the jury is watching, the judge is clearing her throat, and you stare at – nothing – it’s gone. All of it – everything – and in its place is…panic. Somehow you get through and hurry to your office. What happened? What do you do now?
For most of us the discovery of being hacked won’t be as dramatic as the courtroom scene above, but it can happen at the most inopportune time. Whenever and wherever it happens the following is a list of some helpful steps to keep in mind so you can get back to as normal as normal will be.
- Take a breath. Don’t panic or at least don’t act panicked. You need a clear head for what you have to do next. You have to remember these steps or at least where you put this list.
- Change your password(s) immediately. Don’t wait – do it now but please create a strong, password – or use a password generator. Change any password for any account that you have that same password for. I know it’s a pain to do, but do it.
- Find your backup. No backup – not good. Start creating backups but not until your computer is cleaned up. Don’t want to backup the virus or bug that got you.
- Get the facts. Lawyers are good at this – we collect the evidence, make a narrative and offer solutions. So do that now. What was lost? What was breached? How was it breached? Think about where you were last – do you sign on to any public WI-FI or a client’s network? Capture screen shots of any error messages and print out mysterious emails (do not click on their attachments though). Don’t destroy any evidence.
- Call your IT or security person (if you have one) so they can do some forensics on your computer or device. If you have an incident response policy at your firm access it and follow it.
- Notify who you have to notify 1 – for example the social media platform or the Internet Service Provider, third party cloud storage providers, etc. especially if the hacking resulted in you getting locked out of your system – so they can let you back in after you authenticate yourself.
- Check your privacy settings on these accounts.
- Deauthorize apps and accounts that you no longer use or are suspicious.
- Notify who you have to notify 2 – for example clients whose confidential information may have been compromised. This is extremely important to remember if you have clients in regulated industries. Make sure you understand your state’s breach notification laws.
- Notify law enforcement if the situation requires it.
- Run a virus scan on your laptop, servicers, mobile devices, etc. Good idea to run it on all your technology just in case the hacking has spread.
- Check your insurance policy – my professional liability insurance just added cyber-liability insurance – how about yours?
- Update your security controls and have “the talk” about security with the office staff – including attorneys, paralegals, clerks, interns, etc.
- Some hackers may actual leave a “Ransom” note. Although law enforcement (including the FBI) do not condone paying a ransom, it has worked. Apparently ransom hackers want to be known as reliable and usually realize your files once payment is received – although keep in mind they may ask for it in “bitcoins” or other cyrptocurrency.
- If individual identity theft, report it to the credit bureaus and your bank or other financial institutions where you have accounts. Get new credit/debit cards. You can find out more at the FTC Identity Theft webpage.
There are other things to keep in mind so review the additional resources and then create a list that works well for your legal office. Being prepared by knowing what can happen and then what to do after it happens can give you an advantage in an otherwise desperate situation.