Grab Your Hammers, Here's a Data Breach Toolkit

This week, Steptoe launched its Data Breach Toolkit, a brainchild of partners Jason Weinstein, above, Stewart Baker (first DHS assistant secretary for policy), and Michael Vatis (founding director of the FBI's computer crime program). It's a guide for companies looking to protect themselves both before and after a breach. Jason, a former deputy assistant AG of the DOJ's criminal division, oversaw the computer crime section. After years of dealing with companies after their breaches, he wanted to help them be proactive and help lessen the chance of them being sued or investigated post-breach. The toolkit is the answer to the question Jason tells us he hears repeatedly: "Where do we start?"

We like to think lawyers are superheroes. We snapped this, a gift from Jason's friend, in his office. Before joining the Criminal Division, Jason served as AUSA in the SDNY and the District of Maryland. In Maryland, he created a program that lowered the murder rate in Baltimore from in the 300s per year to under 200, winning him a DOJ award. He gave us three cybersecurity steps companies can take proactively: Conduct a security assessment with lawyers and forensics to assess the risk of attack and what can be done to minimize it. Create an incident response plan—and test it (gather all of the key players and have them act out the scenario). Consider questions like whether, after a breach, you'd reach out to the FBI and Secret Service (in which case, it helps to have a contact there or a lawyer with one).