Does Every Incident Require a Forensic Report? - Dear Mary – Incidents + Investigations Cybersecurity Advice Column

Karla Ballesteros, Kaitlin Clemens, Samuel Fishel, Robyn Lin, Sadia Mirza, Stephen Piepgrass, Ronald Raether, Jr., John Sample, Whitney Shephard, Casselle Smith, Ashley Taylor Jr., Edgar Vargas, Daniel Waltz
Troutman Pepper
Contact
LinkedIn
Facebook
X
Send
Embed

Troutman Pepper

‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to respond to regulators, and much more. ‘Dear Mary’ goes beyond our articles, podcasts, webinars, and other content we produce because here, we respond directly to your questions with concise, practical answers. We promise they will be interesting, informative, and hopefully a little fun.

Drop us a line with any cyber-related question you would like answered – whatever may keep you up at night – and we’ll do our very best to provide a practical, actionable answer. Of course, our answers will be somewhat general in nature and should not be considered legal advice – always consult with an attorney (preferably one of ours!) before acting on anything you read here.

Thank you for reading!

Dear Mary,

We had a security incident a few weeks backs that luckily turned out to be nothing. I’ll tell you, tension was high around here while the investigation was ongoing because there was a possibility that it was going to be bad. The forensic firm (hired by our outside counsel) figured out that the incident resulted from a misconfiguration in our MFA. We fixed that and now I’m wondering whether we really need a forensic report given the limited impact. I am not sure I understand the need.

– Uncertain in Atlanta


June 12, 2024

Dear Uncertain,

This is certainly one of those topics that gets people chatting. But if you ask me (which you did), I’d say seriously consider getting the forensic report, especially if it may be covered by attorney-client privilege. However, you need to remember two things: (i) even if you believe the report is privileged, assume that it will be part of litigation later; and (ii) the report needs to purely factual. The fact that there was a hiccup with the MFA configuration isn’t something that is privileged. So, documenting it in a forensic report doesn’t necessarily worsen your position (again, depends on how it is documented). You just need to make sure the forensic report is limited to the facts. There is no room for imagination, opinions, or speculations. Think nonfiction. Like this letter.

It’s also worth noting that the forensic report could come in handy later if any issues related to the incident pop up. It demonstrates the company was diligent in investigating the incident and took the right steps from an incident response perspective.

Glad to hear the incident turned out to be small. I guess the saying is true—MFA isn’t bulletproof.

Text Dear Mary in a black script font

Written by:

Troutman Pepper
Troutman Pepper
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide