{"id":871,"date":"2019-01-03T13:42:10","date_gmt":"2019-01-03T18:42:10","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=871"},"modified":"2019-05-27T20:26:28","modified_gmt":"2019-05-28T00:26:28","slug":"business-cyber-planning-guide","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/","title":{"rendered":"Business Cyber Planning Guide"},"content":{"rendered":"<p>All companies should be ready\u00a0to react to a cyber incident. A <a href=\"https:\/\/www.broadbandsearch.net\/blog\/business-cyber-security-facts-statistics\" target=\"_blank\" rel=\"noopener noreferrer\">cyber attack<\/a>\u00a0will cause panic and confusion for a business. Having a cyber response plan in place is critical so a company can experience a fast recovery with minimal damages.<\/p>\n<p>In September 2018, the Cybersecurity Unit at the U.S. Department of Justice issued an updated report on the\u00a0<a href=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/Best-Practices-for-Victim-Response-and-Reporting-of-Cyber-Incidents.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Best Practices<\/a>\u00a0for developing a cyber response plan. The report considers new development in cyber incident planning and response, including ransomware recovery, cloud computing, and information sharing. Also, the report includes lessons learned from federal investigations and provides feedback from private companies that have responded to cyber attacks.<\/p>\n<h3>Key Areas Of Cyber\u00a0Readiness<\/h3>\n<p>The <a href=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/Best-Practices-for-Victim-Response-and-Reporting-of-Cyber-Incidents.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">25-page report<\/a>\u00a0breaks down how a company should prepare to efficiently manage a cyber incident. Below is a summary\u00a0of key areas that a business should consider:<\/p>\n<ul>\n<li><strong>Educate Management:<\/strong> Announce regular updates about new cyber threats. Prepare appropriate reactions that fit the company\u2019s risk management strategies.<\/li>\n<li><strong>Identify Important Assets:<\/strong> Create a <a href=\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\">Risk Assessment<\/a> to prioritize which resources are most important for keeping the company operational. <a href=\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\">Classify data<\/a> so the sensitivity of the breach is instantly known. Make sure the company&#8217;s <a href=\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\">cyber insurance<\/a> policy covers the types of breaches that are most likely to occur.<\/li>\n<li><strong>Create An Actionable Plan:<\/strong> Designate who will identify and contain an incident to mitigate the harm, preserve vital information, and assess the scope of the incident.<\/li>\n<li><strong>Establish Agency Relationships: <\/strong>Form relationships with local law enforcement and federal agencies, such as the InfraGard chapters and the Cyber Task Forces of the Federal Bureau of Investigation (FBI) and the nationwide network of Electronic Crimes Task Forces of the Secret Service.<\/li>\n<li><b>Utilize\u00a0Workplace Policies: <\/b>Create\u00a0procedures for current employees to follow when a breach occurs.\u00a0Implement employee policies that prevent cyber intrusions, such as an Acceptable Use Policy when onboarding and an Exit Checklist when offboarding.<\/li>\n<li><strong>Institute Cyber Procedures:<\/strong> Install appropriate technical controls, such as network monitoring and daily backups. Have a list of third-party experts to contact for help to restore systems and obtain cyber forensics.<\/li>\n<li><strong>Get Legal Advice: <\/strong>Consult with a <a href=\"https:\/\/www.amp.legal\/data-privacy\/\" target=\"_blank\" rel=\"noopener noreferrer\">data privacy attorney<\/a> about state data breach laws to\u00a0understand the legal requirements of breach reporting.\u00a0Ask an attorney\u00a0to assist\u00a0with evaluating federal laws,\u00a0such as the <a href=\"https:\/\/corpgov.law.harvard.edu\/2016\/03\/03\/federal-guidance-on-the-cybersecurity-information-sharing-act-of-2015\/\" target=\"_blank\" rel=\"noopener noreferrer\">Cybersecurity Information Sharing Act of 2015 (CISA)<\/a>.<\/li>\n<\/ul>\n<h3>Checklist For Preparedness<\/h3>\n<p><a href=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/Cyber-Incident-Preparedness-Checklist.pdf\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" loading=\"lazy\" class=\"alignright wp-image-875 size-thumbnail\" src=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/Cyber-Incident-Preparedness-Checklist-150x150.jpg\" width=\"150\" height=\"150\" \/><\/a><\/p>\n<p>The report contains a detailed <a href=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/Cyber-Incident-Preparedness-Checklist.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Cyber Incident Preparedness Checklist<\/a> to get a company started with the response planning process. This checklist provides the core of a company\u2019s <a href=\"https:\/\/www.amp.legal\/blog\/response-plan-for-a-data-breach\/\">Incident Response Plan (IRP)<\/a>. Additionally, the\u00a0checklist breaks down the items to consider before, during, and after a cyber incident.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>All companies should be ready\u00a0to react to a cyber incident. A cyber attack\u00a0will cause panic and confusion for a business. Having a cyber response plan in place is critical so a company can experience a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":891,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[27],"tags":[69,30,44,13,25,79],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Business Cyber Planning Guide - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Business Cyber Planning Guide - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-03T18:42:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-28T00:26:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/company-computer.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Business Cyber Planning Guide\",\"datePublished\":\"2019-01-03T18:42:10+00:00\",\"dateModified\":\"2019-05-28T00:26:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\"},\"wordCount\":438,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"attorney\",\"breach response\",\"cyber breach\",\"cyber security\",\"data breach\",\"data privacy\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\",\"name\":\"Business Cyber Planning Guide - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2019-01-03T18:42:10+00:00\",\"dateModified\":\"2019-05-28T00:26:28+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Business Cyber Planning Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Business Cyber Planning Guide - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/","og_locale":"en_US","og_type":"article","og_title":"Business Cyber Planning Guide - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/","og_site_name":"Cyber Law Blog","article_published_time":"2019-01-03T18:42:10+00:00","article_modified_time":"2019-05-28T00:26:28+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2019\/01\/company-computer.png","type":"image\/png"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Business Cyber Planning Guide","datePublished":"2019-01-03T18:42:10+00:00","dateModified":"2019-05-28T00:26:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/"},"wordCount":438,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["attorney","breach response","cyber breach","cyber security","data breach","data privacy"],"articleSection":["Cyber Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/","url":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/","name":"Business Cyber Planning Guide - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2019-01-03T18:42:10+00:00","dateModified":"2019-05-28T00:26:28+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/business-cyber-planning-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Business Cyber Planning Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/871"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=871"}],"version-history":[{"count":10,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/871\/revisions"}],"predecessor-version":[{"id":957,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/871\/revisions\/957"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/891"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}