Dear Mary (Advice Column)

Dear Mary,

One of our employees recently fell victim to a phishing attack, allowing unauthorized access to their email account for a brief period. To be safe, we reset everyone’s passwords and terminated all active sessions. We’re now in the process of hiring a law firm to determine if we need to notify anyone about the incident. It’s taking a little longer to get them engaged, but I’m hoping to have this done soon. In the meantime, is there anything else we should be considering?

– Not Entirely Clueless in ConnecticutContinue Reading Preserving Forensic Artifacts Following Incident Detection

Dear Mary,

We were recently impacted by a vendor incident, and the vendor is offering to provide notice to the impacted individuals on our behalf. That sounds like great news to us, but is this something we can and should consider?

– Potentially Optimistic in MiamiContinue Reading Can Vendors Notify Affected Individuals on Behalf of Businesses After a Data Breach?

Dear Mary,

One of our critical service providers recently suffered a cyberattack. It’s all over the news, and our business operations are severely impacted. We’re losing money every day, and we have no idea how long this will last. Do you have any suggestions on what to do? The lack of information from our service provider is incredibly frustrating.

– Frustrated in DallasContinue Reading How to Respond When Your Service Provider Suffers a Cyberattack

Dear Mary,

We received a data request from Health and Human Services, Office for Civil Rights, today. It was in connection with a data security incident that happened almost a year ago. Is this normal? Should this impact how we respond?

– Not Forgotten in New Orleans

Continue Reading Understanding Regulatory Response Times Following a Cybersecurity Incident

Dear Mary,

We had a security incident a few weeks backs that luckily turned out to be nothing. I’ll tell you, tension was high around here while the investigation was ongoing because there was a possibility that it was going to be bad. The forensic firm (hired by our outside counsel) figured out that the incident resulted from a misconfiguration in our MFA. We fixed that and now I’m wondering whether we really need a forensic report given the limited impact. I am not sure I understand the need.

– Uncertain in AtlantaContinue Reading Does Every Incident Require a Forensic Report?

Dear Mary,

I work in the IT department of a mid-sized company that recently detected a security incident. Everyone is freaking out – minus me. My manager asked our IT team to investigate the incident. But the incident is already contained, and business is back to normal. Why do we need to investigate further? Like seriously, why? And if we do need to investigate further, should I be doing this? I’ve been in IT for a while, and I have never been in this situation before.

– Forensic Forgoer in FloridaContinue Reading Should Companies Conduct Their Own Forensic Investigations?

We are pleased to introduce ‘Dear Mary,’ a new advice column from Troutman Pepper’s Incidents + Investigations team. This column will answer questions about anything and everything cyber-related — data breaches, forensic investigations, responding to regulators, and much more. ‘Dear Mary’ goes beyond the articles, podcasts, webinars, and other content we produce, as we are responding directly to your questions with concise, practical answers. ‘Dear Mary’ can be found here on the firm website, and direct links can be found on our Privacy + Cyber related blogs and newsletters.Continue Reading Troutman Pepper Launches ‘Dear Mary’ Advice Column