Once clients realize that such threats are a realistic part of today’s corporate landscape, they frequently move out of reactive mode, where they’ve implemented only the minimum that might be required by the applicable statutory regime, and into a space of proactive planning, working toward threat prevention, as well as a considered, robust response to a possible successful cyber-attack and other attempts to commandeer valuable corporate digital assets. Prevention includes a multi-disciplinary effort that combines resources from privacy and data management, corporate security, third-party vendor management, legal, risk management, human resources and many other corporate functions. All of these efforts are most effective when combined with experienced, expert and practically oriented legal counsel.
Alston & Bird’s Security Incident Management & Response Team is composed of a multidisciplinary group of lawyers who apply their experience, talent and expertise in an integrated fashion, allowing clients to respond more quickly and more effectively to network intrusion and data loss events. We have turned the typical firm model of assembling whatever team members might be available on its head—we have an established team, with established roles, with established expertise in helping clients manage and respond to network intrusion and data loss events. This adds tremendous value to the client’s response because we are able to act more quickly and more effectively than if our team was assembled at the last minute, with many of the members never having responded to a data breach.
Our team includes lawyers that are expert in the wide spectrum of issues facing a client at such a critical time. Of course, knowledge and facility with privacy and cybersecurity laws, particularly security breach notification laws, is critical to this endeavor. The issues do not, however, start or stop with data breach notification. Our team has lawyers that work extensively in privacy and security and data management, but also lawyers that assist clients in pre-litigation planning, e-discovery, intellectual property, contract analysis, insurance coverage issues, customer communications and crisis management, PCI-DSS, law enforcement and white collar crime, and governmental and internal investigations. Most importantly, these lawyers work as a team and are experienced in applying their skills and talent in the hypercharged environment that accompanies a sophisticated data loss event or network intrusion. Finally, if events lead to litigation, our litigators are better able to leverage the efforts of our early incident response team in the litigation. We have tremendous litigation capabilities, particularly in the class action arena that is so prevalent in connection with today’s data breaches.
We also have extensive third-party relationships that we can bring to bear in an integrated response to a security incident. We know and routinely work with the best of the best in the areas of computer forensics and investigation, network monitoring and security compliance and management, public relations and crisis management. If circumstances require an expert response beyond that available with the client’s internal resources, we have established relationships that help us minimize start-up time and organizational tasks, and move immediately into assessing, controlling and responding to whatever data loss or network intrusion event the client may have suffered.