Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to handle a zero-day attack – from lawyers

David Taber | April 11, 2016
We all know about zero-day attacks. But what about when the zero-day attack is in the form of a subpoena or other legal notice regarding the data in your CRM system? Don’t panic.

Write everything down

As you are doing all the steps above, create a journal of everything you find (and don’t find).  Any decisions made – even minor ones about data access and storage—need to be memorialized.  You’ll never remember this stuff months later when you get deposed about it. 

When it comes to analyzing or even manipulating the data, try to avoid using any custom code.  It’s going to be much easier for all concerned if you use products and methods that can be easily reproduced, even if a clever AWK script with some APL matrices would be more elegant.  Any settings and parameters for the apps and databases used in your analysis should be recorded in your journal entries, and use screenshots liberally to substantiate the details. 

Of course, anyone with an interest in the outcome of the case should not be analyzing, let alone manipulating, data.  Typically, this means consultants should be doing all the data crunching.  Make sure that the consultant has no investments in your company or the opposing party, and that your contract with them contains no incentives or bonus payments for specific outcomes. 

(It’s best if there are no incentive payments at all.)  If there is going to be analysis that is critical to your company’s case, the consultant is likely to have to testify (at least in deposition) and it is critical that they be fully qualified as an Expert Witness and willing to give testimony.  These are fairly rare birds:  you can find them in the FEWA, TASA, or IMS online guides; expect to spend between $400 and 600 an hour on them (yes, really) if they are going to appear in court. 

The big picture

If all this sounds daunting, it is.  Your goal – immediate and long-term – should be to settle the matter as fast as you possibly can.  Do not get defensive, focus on proving “I’m right and they’re wrong,” or obsess on purist goals:  that way lies only increasing frustration and huge costs.  Because even if you win, you lose.  Law suits are always a distraction from your real business, and nobody will compensate you for the opportunity cost of the time and emotional energy you put into it. 


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.