In our October Cybersecurity Awareness Month series, we recommended developing an Incident Response Plan (“IRP”) to mitigate the risk that a cyber-attack will result in the disclosure of confidential client data. Please read our Basics of the IRP Four Phase Plan for Lawyers, which offers suggestions on how to develop a plan using the four phases from the NIST’s Computer Security Incident Handling Guide.

Creating an IRP may seem like a daunting task, but tackling each phase individually will make the process easier and result in a more intuitive and effective plan. Make use of our CyberToolbox where you will find sample IRP plans, flowcharts, and other resources.

You may also want to consult the recently released CISA Cybersecurity Incident & Vulnerability Response Playbooks.  CISA developed this resource for Federal Civilian Executive Branch agencies and contractors, but the playbooks provide useful information for any organization developing an IRP.

As always, if you have any questions, please contact us. We are here to help.