On April 29, the Cybersecurity Unit of the U.S. Department of Justice (DOJ) published a practical guidance document entitled "Best Practices for Victim Response and Reporting of Cyber Incidents.” The guidance clearly warns businesses to anticipate and prepare for possible cyber incidents.
Based on cumulative input from business leaders and federal prosecutors, the DOJ guidance presents best practices that companies should take before, during and after a cyber attack or intrusion. In addition to having a solid breach response plan in place before an attack, the DOJ recommends that companies identify experienced legal counsel that they can call on in the event of an incident, and remain on the alert after an event as residual vulnerabilities may exist.
While the DOJ’s list of steps to take to prepare for a cyber attack or intrusion are helpful, the guidance is particularly useful in showing what the DOJ expects a company to do in the event of a cyber incident with regard to preserving evidence and assisting with the subsequent investigation. Currently the DOJ publication is only a guidance document, but companies would be well advised to take heed as these best practices may eventually become the standard expected practice.