Tech Time: The step-by-step cyber incident response

Familiarize yourself with these 10 post-breach responsibilities before formulating your credit union’s cyber crisis management plan.

We never think it will happen to us, that a cyberattack like February’s credit union phishing campaign will be successful. But what if is? By now, you are probably aware that NCUA Part 748 Appendix A requires credit unions have a data breach incident response plan. But before you author or update your organization’s cyber crisis management plan, consider the steps of an incident response.

Step 1: Attorney-Client Privilege

Data breaches may result in litigation against the credit union. Communication with an attorney for the purpose of obtaining legal advice regarding the incident is privileged, meaning it is generally not discoverable during litigation. Attorney-client privilege, afforded by the courts so that clients may speak freely with their counsel, is important when dealing with potential data breaches. Be sure to train your team on how it works and when it applies, and review and implement it in each incident response.


continue reading »