July 20, 2017 - Uh oh! Your IT manager tells you – after hours, of course – that your systems have been hacked. What now?

Just as is the case when someone is physically injured and substantial medical attention will be needed to facilitate their full recovery, a good deal of professional assistance will be needed to fully resume operations. However, the best medical attention may go for naught if first responders exacerbate the injury, and the best system restoration efforts are useless if the immediate responses are not suitable. If first responders do not properly stop bleeding and stabilize broken limbs, the best surgeon or internist may have little to contribute.

At the same time you do the following, you will want to contact your FisherBroyles lead to immediately assist with required notices and avoidance of prejudicial statements.

An essential step to take before such a situation arises is to compile a full list of contact information for internal and external contacts, including key vendors and insurance providers, and to share it with the internal team tasked with dealing with the situation. Key internal contacts, apart from IT management, include senior members of the legal, financial, sales and PR groups. The list should also include a schedule of key contracts.

Equally fundamental is to identify and engage with technical vendors, forensic investigators and other experts, who are versed in such situations, before they are needed so that they have adequate information and incentive to jump in when needed. It is often desirable from a legal standpoint to engage such persons through outside counsel, in order to maintain the confidentiality of your discussions if litigation does occur.

Once this is done and key players are notified, we suggest the following, when the time comes:

  • If recommended by forensic and repair personnel, take appropriate preliminary steps to mitigate the spread of, and isolate, malicious code and data encryption, among other events, while preserving operating systems and key application software. By way of example only, this may or may not include removing the internet or other connections – but not the power connection – of all relevant devices.
  • Advise all hands of the problem and the urgent need to avoid opening any unfamiliar links or attachments.
  • If practicable, tentatively identify impacted files, databases and systems, emphasizing consumer data, and determine whether data has been wrongfully accessed but is still present and accurate, has been corrupted or is no longer present.
  • Where disaster recovery plans exist and involve third party off-site support, notify vendors of need to activate.
  • Access back-up media or services.
  • Do NOT publicly or privately apologize or accept responsibility. If a public statement is needed, it should be non-committal, e.g., ‘we are aware of the situation and are conducting an investigation’. Engage FisherBroyles to determine applicable laws requiring consumer or other notices and remedial steps, and whether law enforcement should be notified.
  • Notify cloud and SaaS vendors to determine if issue emanates there.
  • Pull all insurance policies and other relevant documents, especially cyber-liability and error/omission policies or endorsements, and notify the issuers of the latter.
  • To facilitate efforts of law enforcement or forensic investigators, do NOT delete files of any kind.

These steps are intended only to freeze the situation and avoid additional harm or legally prejudicial statements or actions. They are most definitely not a full prescription for remedial action. They must be augmented by detailed involvement of technical personnel. However, such involvement will be much more efficient and you will be back up much faster if the right first aid steps are taken in advance.

If you would like additional information, please contact either of the following FisherBroyles partners: 

Marty Robins
(847) 277-2580

Palo Alto
Kimberly Booher
(650) 636-5958

FisherBroyles, LLP – Cloud-based. Not Virtual™

Founded in 2002, FisherBroyles, LLP was the first in the U.S., and is now the largest full-service, cloud-based law firm in the world. The Next Generation Law Firm® has grown to approximately 180 attorneys in 21 offices nationwide. FisherBroyles’ efficient and cost-effective Law Firm 2.0® model leverages talent and technology instead of unnecessary overhead that does not add value to our clients, all without sacrificing BigLaw quality. Visit our website at to learn more about our firm’s unique approach and how we can best meet your legal needs.

These materials have been prepared for informational purposes only, are not legal advice, and under rules applicable to the professional conduct of attorneys in various jurisdictions may be considered advertising materials. This information is not intended to create an attorney-client or similar relationship. Whether you need legal services and which lawyer you select are important decisions that should not be based on these materials alone.

© 2017 FisherBroyles LLP