Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.” &nbsp;─&nbsp; John Chambers, Former CEO of Cisco

core/paragraph

When it comes to cyber breaches, it is no longer a matter of “if;” it is a matter of “when.” Whether caused by family member thoughtlessness, employee error or the acts of a skilled data thief, everyone is likely to be the victim of an information breach at some point.

Cyberattacks Aren’t Just For Big Companies

core/heading

Although cyberattacks become more sophisticated every year, such as the recent breach at Capital One, many hackers go after easy targets where the data is more accessible and the chance of detection is smaller, often hitting small businesses, high net worth individuals and family offices. In fact, a 2017 study by Campden Research stated that of the high net worth Americans surveyed, 41% said their family offices or family businesses had already experienced a cyberattack.<a href="#note1">1</a> &nbsp; What makes these groups more accessible? They often:

Lack a dedicated IT team and have weaker online security

core/list-item

Have older software that hasn’t been purged, upgraded or patched for known vulnerabilities

Fail to use encryption technology for storage and transfer of sensitive information

Provide many staff members easy access to sensitive data in the name of providing excellent client service

Fail to back up data, perform system scans or conduct annual penetration tests on their systems

Fail to train staff and family members to be safe users of the internet, email and social media

Fail to secure staff and family devices, including Wi-Fi connections from homes

FAIL TO HAVE A RESPONSE PLAN IN PLACE FOR A BREACH

core/list

This same Campden report shows that almost 40% of study participants did not have a cybersecurity plan in place. This seems to show that families and their offices are failing to appreciate the damage that cyberattacks can cause them, such as public release of the family’s private information, theft of the family’s assets, ransom requests to unlock encrypted information, or even blackmail or personal security threats against the family.

Creating a cyber incident response plan can help identify gaps in your data security. In addition, it will prepare you to respond to a suspected breach and manage communications, notifications, insurance claims and other tasks following a breach. Plus, being prepared helps save time, money and embarrassment in the event of a breach. &nbsp; So, what can a family office or family business do to prepare for the possibility of a cyber breach?

Know who you will call first when you receive a ransomware demand or suspect that your data has been stolen. This contact person should understand your response plan and know the people in your organization who have the authority to approve the actions necessary to contain the breach and restore your system functions and business activities.

Then, create a team of people who are familiar with your systems and business practices, and who can carry out the plan once it is activated – attorneys, IT forensic professionals, communication specialists, etc.

Understand the key information you collect on family members and business activities, and identify legal and contractual obligations regarding the privacy and security of this information.

Determine the responsibilities agreed to by service providers who hold or have access to any of your sensitive information, and understand what is at risk and your remedies if a provider is breached.

Identify your key systems and controls, key risks, key systems providers and tools available to respond to a cyber incident. Implement tools, contracts, and family and staff training as needed to fill gaps in protection.

Scrutinize your cybersecurity insurance coverage to make sure it covers the areas where you will spend money in the event of a breach and it will work with the providers you plan to use as part of your response team.

3. Develop protocols and procedures and test them regularly.

Define the circumstances that will trigger your incident response plan.

Create prototypes for internal and external communications that can be quickly revised to address the particular incident.

Establish protocols for notification of any law enforcement agencies, insurance companies, service providers, etc.

Test your systems and the response plan in a simulated cybersecurity incident each year.

4. Have a plan to contain the breach quickly and manage information.

Have response team members on stand-by who can:

Determine the nature of the event and contain it

Identify information or systems that have been accessed

Restore systems back to normal while ensuring the preservation of records and evidence

Conduct an investigation and notify law enforcement if necessary

Communicate with staff and family members and provide legally necessary notifications

File injunctions to prevent publication of stolen information or respond to threats of litigation

Notify and work with your insurance company

If you have a goal to be prepared, but planning for cybersecurity keeps getting pushed to the bottom of your never-ending “to do” list, Warner can help you move forward. Our Cyber Incident Response Service provides a team of attorneys, IT forensic professionals and crisis communications specialists to help your family office or business conduct a review of your current situation and develop your data incident response plan.

Then, in the event you have an incident, a Warner attorney will be your first point of contact, and the team will execute your response plan, assist with follow-up matters such as insurance claims, and conduct a post-incident review to present to your leadership group or board of directors. Because Warner manages the response team, the IT forensic and crisis communications firms work under our direction to protect the investigation and communications with attorney-client and attorney work product privileges to the extent possible.

If you would like more information on working with our team or preparing your family office or business for a cyber incident, please contact Rodney Martin (616.752.2138 or&nbsp;<a href="mailto:rmartin@wnj.com">rmartin@wnj.com</a>) or Mark Harder (616.396.3225 or&nbsp;<a href="mailto:mharder@wnj.com">mharder@wnj.com</a>). &nbsp;

<a>1</a>Campden Wealth. (2017).&nbsp;More than a quarter of UHNW families targeted by cyberattack.&nbsp;Retrieved from&nbsp;<a href="http://www.campdenwealth.com/article/more-quarter-uhnw-families-targeted-cyber-attack" target="_blank" rel="noreferrer noopener">http://www.campdenwealth.com/article/more-quarter-uhnw-families-targeted-cyber-attack</a>

Legacy Matters

Private Client and Family Office

Partner

Mark K. Harder

Of Counsel

Rodney D. Martin

Trusts and Estates

Is Your Family Office Ready For a Cyber Incident?

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000.