In 2021, data breaches cost Canadian companies nearly $7M [1] in recovery alone. Factor in potential litigation and these costs can skyrocket, which is why compliance and litigation preparedness are now critical elements of legal counsel’s breach response strategy.
As organizations and firms transition to more digitized, hybrid work, there’s no escaping the real possibility of a cyber attack. Here are three of the top reasons legal teams need to get involved:
– Larger attack surfaces – both digital and physical
– Complexity of managing hybrid networks and remote users
– Value of Intellectual Property (IP) and Personally Identifiable Information (PII)
And, while security technologies are more advanced, data has become more distributed across multiple users, platforms, devices and networks, making breach response increasingly complex. What was once exclusively handled by IT now requires a coordination of efforts across various teams, skills, and functions. A typical breach response today involves:
– Detection
– Containment
– Remediation & Recovery
– Forensics
– Reporting
– Litigation preparedness
This means that a modern breach response strategy leverages the responsibilities of legal counsel, as much as IT, to mitigate a data breach’s financial, legal and reputational impact on an organization. To do that effectively, counsel must know exactly what data was accessed, whom it belonged, and whether there is an obligation to report the incident and notify stakeholders.
For legal counsel, where should you start?

4 ways to get started

1. Establish an effective data retention and preservation policy
In hybrid work, employees access and produce data from multiple endpoints outside the secured office perimeter. They may be using their personal or shared devices, or applications that are not approved and managed by the IT department, commonly referred to as shadow IT. In addition to exposing the organization to potential cyber threats, this can further complicate eDiscovery processes, such as collection and digital forensics, where critical information must be prevented from being lost, destroyed, or altered.
Without a solid data protection strategy and retention guidelines in place, spoliation is a significant possibility. And when digital evidence is spoliated, lost and cannot be restored, legal sanctions and compliance issues can ensue.
2. Conduct a highly defensible and auditable ESI collection
Accessing and collecting Electronically Stored Information (ESI) evidence for litigation can seem daunting and, if not done correctly, can have costly implications for any firm or organization experiencing a data breach.
With remote and hybrid work, information is now stored across several digital locations from desktops, laptops, mobile devices, servers, and even social media. This presents unique challenges for the collection of ESI in the event of a data breach, but one that can be solved with the right technology partner.
For example, you’ll want to consider working with an eDiscovery and risk management provider that can accommodate both remote and in-house collections. Ricoh’s eDiscovery Services team recently opened a forensics lab in Toronto, making it easier and safer to bypass any uncertainty in timelines when shipping devices. Additionally, it means that data can move securely and seamlessly from forensic collection all the way through to production.
3. Work proactively with IT and leadership to integrate cyber security with business strategy
It can’t be overstated: organizations that do not effectively manage their cyber security risks are increasingly vulnerable to significant damages. Beyond the financial costs of remediating systems and applications, there are costly regulatory, legal and reputational implications as well. And the latter falls squarely on the shoulders of counsel to effectively mitigate for their clients or firm.
Therefore, as stewards of corporate compliance, legal teams can help organizations build holistic security strategies that include plans for information governance, regulatory standards, and even privacy laws all while leveraging the latest security technology and software.
This could look like corporate counsel working with CTOs or CISOs to establish better policies around PII or creating clear protocols for investigating internal versus external data breaches.
Ultimately, today’s digital landscape mandates an imperative partnership between legal and IT teams.
4. Know how to preemptively mitigate cyber attacks
According to the World Economic Forum[2] 97% of cyber threats target human error, and 28% of attacks could be prevented if employees followed cybersecurity guidelines.
This means that an organization’s best line of defense is still in the hands of its people. Here are some best practices to keep threats at bay:
– Establish strong password protocols across the organization, including multi-factor authentication
– Provide education on how to identify and respond to suspicious notifications, ransomware or phishing emails
– Manage the use of mobile and personal devices for work-related activities
– Implement end-point protection systems that prevent, detect and act on potential security threats
– Secure traffic with VPN, firewall and switches to allow or deny traffic flow to the network
Faced with the possibility of a cyber breach? It’s inevitable. Work with a partner that combines IT, data management, security and eDiscovery in one service offering to help you or your clients mitigate further damage.
Ricoh’s Cyber Breach Regulatory Response is a comprehensive post-breach solution that helps you review and identify the information required for a regulatory response. To learn more, connect with us today.
[1] IT World Canada: Average cost of a data breach to Canadian firms studied hit $7 million, says IBM
[2] World Economic Forum: How to Prevent Cyber Attacks? Here are 5 tips