Week #4—Calling for Back-Up
Following the loss prevention advice we have offered this month—educating lawyers and staff, assessing risks, and developing a solid Incident Response Plan (“IRP”)—will provide a good base of protection against cyber-crime. However, with cyber-crime constantly evolving, nothing is foolproof. This week we address the resources available to victims after an attack.
Protect the Data
The most immediate concern upon discovering a cyber-attack should be minimizing the loss of client data. As discussed last week, an IRP should include steps to identify the threat, quarantine it, prevent exfiltration of data, eradicate the threat, and restore the network. The Cybersecurity & Infrastructure Security Agency (“CISA”) can assist in this process. In its Ransomware Guide, CISA urges victims to contact it for asset response assistance, which includes:
- Specific guidance to help evaluate and remediate ransomware attacks.
- Remote assistance with identification, containment, and mitigation strategies.
- Malware analysis.
To take advantage of this assistance, contact CISA at https://us-cert.cisa.gov/report, or contact CISA’s Region 5 office, providing service to Ohio, by email at [email protected] or by phone at (888) 282-0870. If CISA’s asset response assistance is not required, reporting a cyber-attack to CISA is currently voluntary.
Involve Law Enforcement
The IRP should also address when to involve law enforcement in the response to the attack. This should be done early to make sure evidence is preserved for the criminal investigation. The FBI is the lead federal agency for criminal investigation of cyber-attacks. An FBI investigation may include collecting incident artifacts such as system images and malware samples. Contact the FBI at:
Cleveland Field Office
Cincinnati Field Office
You can also file a complaint through the FBI’s Internet Crime Complaint Center (“IC3”). The United States Secret Service also investigates cyber-crime and can be reached at one of its Ohio field offices:
Cleveland Field Office:
Cincinnati Field Office:
Notify Impacted Clients and Third Parties
Beyond addressing the immediate obligation to mitigate the attack and protect the client data, lawyers must consider the legal and ethical obligations to disclose information about the attack. The lawyer’s legal obligations depend upon the type of data that has been compromised and the lawyer’s area of practice. Obligations may arise under various federal and state laws. At the least, lawyers must comply with R.C. §1349.19, which protects Ohio consumers whose personal information has been compromised in a cyber-security breach.
Lawyers who fall victim to a cyber-attack also have an ethical obligation under Prof.Cond.R. 1.4 to notify affected clients. ABA Formal Opinion 483 discusses this obligation, as well as the related obligation to protect the confidentiality of client data during the asset protection and criminal investigation phases of the incident response. Navigating these ethical issues can be complicated. OBLIC can help. OBLIC’s Loss Prevention Department can provide resources to help insured attorneys work through any ethical concerns.
Access Available Insurance Coverage
Another paramount concern will be how to cover the expense of data recovery and remediation and the loss of income caused by the interruption of your practice. OBLIC has also teamed with Tokio Marine HCC - Cyber & Professional Lines Group to add an endorsement on our Lawyers Professional Liability (“LPL”) policies for e-JD® Cyber Liability coverage. The standard endorsement is included on every LPL policy at no additional premium and provides coverage for a variety of losses including those related to security breaches and cyber extortion, subject to certain definitions, exclusions, and conditions. Qualifying insureds can also receive preferred rates on higher coverage limits. For additional information about the endorsement or to apply for higher limits, contact the team at the OSBA Insurance Agency:
Vice President, Sales and Business Development
Tammy J. Thornton
Senior Sales Executive
Our goal with this Cyber-Security Awareness Month series was to focus attention on the ever-increasing risks of cyber-crime. As we close out the series, we hope that we also provided some peace of mind that there are resources available to protect against these attacks and that provide support for those who are victimized. We will continue to alert you throughout the year as we learn of new or developing cyber-risks and the resources available to respond to them. Please contact us if we may assist you. We’re here for you!
Gretchen Mote, Esq.
Director of Loss Prevention [email protected]
Monica Waller, Esq.
Senior Loss Prevention Counsel [email protected]