Breach Response

When called to handle a breach, Caerleon Security approaches the challenge in a new and different way.

We bring with us a team with experts in all of the facets of breach response:

IT discovery and IT Forensics
IT discovery and IT forensics often get top billing, but they account for only 20% of the overall cost of a breach response. The IT discovery task is highly specialized. It’s the Sherlock Holmes of the team, and very few IT departments – even in the biggest of companies – have experts in this skill. IT forensics really has little to do with IT. It is the process of recording the actions that were taken and the decisions made – along with the evidence – for future use by law enforcement or your legal team. For maximum credibility, this person should not be one of your employees.

Compliance Counsel
Compliance Counsel is a lawyer who constantly monitors the response and often leads it. They are experts in the breach response requirements and deadlines from all sources: state law, Attorneys General’s guidance and precedent, court decisions and legal precedents, federal requirements (FDA, FTC, HIPAA and HITECH, and many other federal commissions that have asserted regulatory oversight and authority), as well as private organizations – primarily for PCI data – that have asserted regulatory authority, such as the PCI Security Standards Council. This critical role is like the conductor of the orchestra. They make sure the response team knows exactly what they must do and by when.

Client’s Counsel
Client’s Counsel is a very different lawyer with a very different function. It is your lawyer; you are the client. Their role is to be the conduit of information between you and the breach team. The purpose of this lawyer as an information intermediary is to protect some of the information from discovery in case of a lawsuit. This role is very often misunderstood: only 1 out of every 100 incidents will need a “Client’s Counsel”, and often fewer. Naming a client’s counsel should NOT happen until it is abundantly clear that there is a real risk of litigation resulting from the incident. For this decision to be made wisely, you, the client, need access to an incident risk assessment process.

PR Advisor
The minute a breach reaches the risk level that requires a Client’s Counsel, a PR Advisor should join the team. At this point we (Caerleon Security) are working hard to reduce your reputational risk as well as the probability – or eventual settlement – of litigation. People who have just been hacked are (almost always) not able to assess how best to explain what happened and how they are working hard to fix things. They are defensive and want desperately to make it all go away. They have no idea how the person who has been hurt might feel. This is the role of the PR Advisor: to understand how best to present the client to the public. A classic example of a huge breach that should have had a PR Advisor guide its communication is described in our blog. One of the members of Caerleon’s team was a victim in the Experian-caused breach of PII at T-Mobile. You can see the communications and how tin-eared (i.e. awful) they were.

Notification and Call Center
Notification and a Call Center (if needed) is a very special skill. Massachusetts prohibits telling the victim of a PHI breach, in the notification letter, what kind of information was compromised. Should the call center be overseas (it’s less expensive) or in North America? How do you remove duplicates (see the blog)? How do you personalize 10,000 letters? 1 million letters? Doing it badly makes you look bad (see the blog).

The biggest problem that you avoid by asking us to be your breach response team is the DISRUPTION to you.

You, the firm who has just gotten breached, suddenly have to do the following:

1. Understand (or find out) all the moving parts in assembling a response team.

2. You have to identify, for each of these specialties:

  • Who are the leading firms in each of these skills?
  • Are they independent? Or are they software companies (FireEye), hardware companies (HP), corporate lawyers, or accounting firms – all of which are using breach response to sell their primary product?
  • How much is each of them going to cost? When can they start? Remember: you just discovered a breach; you know you have to work fast; and you’re in an unfamiliar world. And they know it. So the price is likely to be very high.
  • Are they available now?
  • And then you have to pay retainers and sign contracts.
  • … by the time you’re done, three weeks have passed and half of your senior managers have been tied up trying to figure all this out. Ask Target, Home Depot, Anthem, or Sony how it felt.
3. Even if you can navigate this first step, having hired all these firms you now have to manage them. All of this activity in unfamiliar territory pulls your business management team away from what they were hired to do: running your business correctly and efficiently.

The other alternative is to ask us, Caerleon Security, to help.

We use a Playbook approach to breach response. It’s unique and very effective. Take a look!

It’s best to get your specific breach team chosen and up to speed before a breach happens.

The ideal solution is to put this team together in advance. No panic. Lower prices. More informed decisions. No disruption. And a more effective breach response when you have a breach.

Ask us about our subscription program. We’ll not only be your breach response team, we will also help you prepare for a breach.

If you decide on subscription protection we’ll also give you your own Playbook!