UK Update: Top 5 things to do in the event of cyber attack

There is an ever-increasing risk of cyber incidents as automated spam messages become more prevalent – even tech savvy money saving expert Martin Lewis was nearly caught by a phishing text. While the best protection is to prevent these incidents breaching your security, the next step is to have robust measures in place to help your organisation respond.

What to do if a spam email or text causes a cyber incident at your organisation?

1.Incident Response plan

The first step is before an incident occurs; preparation is everything. You should have a well-known, easily accessible Incident Response plan, that can be accessed even in the event of systems being inaccessible. There will be key strategic decisions to be made, including authorising financial spend, and deployment of resources, so there should be clear decision-makers appointed, with holiday cover built in. Early established channels of communication will be essential. It is important to think about how essential operations can be maintained in the event of a system shutdown – this might mean having the capability to return to paper-based systems in the short term, and alternative methods of communication.

2.Management

It is critical to move from initially responding to the crisis to managing the incident, and you should engage protections at the earliest stage to avoid contagion. This means managing business needs, as well as the incident. As well as thinking about how to manage the incident and systems, the data risk must be considered. The extent of the data you control and process will depend on the nature of your organisation, and the risk posed will depend on the extent of the disruption you are experiencing. However even at the lower end of the scale, data preservation and protection must be top priority.

People management is critical too – keeping staff up to date on next steps, and hopefully referring them back to prior training on what to do in the event of a security incident!

3.Assess

Assessing the nature and scale of a cyber incident will help you identify and prioritise what steps can be taken to recover systems and protect operations. The Incident Response plan should also have provision to help identify and categorise the issues faced, and how they can be tackled. There are a number of factors which determine the seriousness of the issues, and will be a balance of the operational, reputational, financial and system impacts.

4.Get help

Think about who is needed – engage independent forensic help as soon as possible. Engaging lawyers to instruct forensics can assist in asserting privilege should there be legal action at a later stage.  This might also mean engaging with the relevant insurers to trigger coverage, and access support. There will likely be multiple avenues to explore and having the relevant experts on board will be key to ensuring all are investigated thoroughly. If the incident is wide spread or large scale it may well be reported, and reputation management assistance should be sought.

You might also have a reporting obligation to sector regulators, the authorities, and crucially the Information Commissioner.

5.Recover

The ultimate objective is to reduce the impact of any cyber incident to facilitate a speedy and complete recovery. Acting quickly, to follow a detailed incident response plan to manage and assess the risk, with the support of relevant professionals will help you minimise the lasting impact and maximise recovery. Long term recovery also means learning lessons across the lifespan of the incident – prevention, management, resources, and recovery.

By Burness Paull LLP, Scotland, a Transatlantic Law International Affiliated Firm.  

For further information or for any assistance please contact ukscotland@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.