Victim of cyber crime?
Has your company become a victim of a ransomware attack, which means that you are no longer able to access your data? Has your client become a victim of such an attack? Are you considering paying the requested ransom, but are unsure whether this is the right approach? Do you know how to deal with business partners in such a situation?
It is important to be assisted by a lawyer as soon as possible. Experience has shown that in times of crisis, on the one hand partners desperately need each other, but on the other hand they act out of fear. Take a professional, business-like approach instead. Then, the crisis phase can be carefully managed.
Often, there is panic shortly after discovery of a ransomware attack or other form of cybercrime. Employees are unable to do their job because systems and data are inaccessible. The scale of the cyber-attack is unclear, and so is which systems are hit. Also, disruption arises amongst clients.
First Lawyers assists companies to respond in an alert, professional and adequate manner. Mainly, this phase is about maintaining peace and order, creating space for forensic investigations, informing the media to the extent appropriate, answering questions, and responding to employees’ uncertainty. In addition, it is essential to safeguard the legal position. Often, in this phase, First Lawyers is an advisory member of the crisis team. The actions during this phase can determine whether there is the possibility of being compensated for losses suffered. Also, First Lawyers ensures ‘proper procedure’ during a forensic investigation, assists companies in filling out the police report and reports to the Dutch Data Protection Authority.
After the crisis phase, attempts will be made to recover the data, and a project organisation is set up to repair, improve and/or replace the ICT infrastructure. In addition, the investigators are generating insight into the nature and extent of the damage.
First Lawyers often conduct an internal investigation to determine the company’s legal position. What contracts have been concluded will be assessed, as well as how these contracts relate to each other, and how they have been executed. In addition, an investigation is carried out into which division of tasks and responsibilities between parties has been formally secured, and if both parties have behaved accordingly. The aim is for insight into the available evidence, e.g., can parties demonstrate compliance with contractual obligations? Are reports or notes of mid-term evaluations available? What management and security measures have been taken, and are audits performed to establish the demonstrable effectiveness?
These and other questions are addressed during an internal investigation. Subsequently, First Lawyers will advise on the company’s options for claiming their losses and identify which actions are required to secure these options.