Alston & Bird’s Cybersecurity Preparedness and Response (CPR) team recently partnered with Stroz Friedberg and Brunswick Group to conduct a comprehensive, all day breach preparedness and response training session for A&B team members. Approximately 35 members of the firm participated in this in person multi-disciplinary training session. CPR team members shared their experiences and insight from the entire CPR lifecycle, from preparing incident response plans to dealing with card brands in PCI breaches and everything in between. Given the intense and unannounced nature in which most breaches occur and the pressure and demands on those responding to them, the team referred to the day as “Digital Smoke Jumper” school.
Erin Nealy Cox and Morgan Bjerke from the Stroz Friedberg Dallas office discussed their role as forensics investigators in privileged data breach and network intrusion investigations. Topics discussed included the role of the investigator, typical network reconnaissance and monitoring methods deployed in an investigation and some of the unique issues faced by forensic and legal teams.
Sofia Mata-LeClerc from Brunswick Group traveled to Atlanta from Brunswick’s San Francisco office to discuss the strategy and tactics of crisis communications in the context of a significant network intrusion or other cybersecurity event. Topics included the “blogosphere,” how to prepare clients from a communications perspective and crisis management when after a breach occurs.
Associates on the CPR team also gave detailed presentations in their respective subject matter areas. These included Kacy Brake on evidence preservation and privileged investigations, Bruce Sarkisian on breach notification issues, Cara Peterman on securities issues, Kelley Barnaby on litigation issues and responses to governmental authorities, and Jason Wool and Lou Dennig on PCI-DSS and the card brand process. Sean Hyatt, counsel in our Atlanta office, also presented on cyber insurance issues. Peter Swire, Senior Counsel to the firm, also provided lunch time remarks on his many initiatives on behalf of the firm’s privacy and security clients.
As all of the associates in the firm’s Technology and Privacy Group are CIPP certified in both the US and the EU, CIPP credit was also provided. It was a stimulating and thoughtful day for all involved as they shared their respective reviews of typical (and atypical) breach and network intrusion issues. We look forward to using this multi-disciplinary exchange of ideas to benefit our clients as they prepare for and respond to third party network intrusion and other cybersecurity events that require the multiple talents of a “Digital Smoke Jumper.”