How to handle a zero-day attack – from lawyers

David Taber | April 11, 2016
We all know about zero-day attacks. But what about when the zero-day attack is in the form of a subpoena or other legal notice regarding the data in your CRM system? Don’t panic.

It’s easy to make fun of lawyers, but the actual steps involved with legal proceedings are neither easy nor fun. Before I start, I need to clearly state that I am not an attorney and none of this article should be used as legal advice. It can be used as the starting point for a discussion with your lawyer ... and yes, my attorney made me write that.

Let’s start at the beginning:  why would any legal eagle want access to your CRM data?  It’s just contact information and your pipeline – both of which are confidential parts of your business, right?   Here are some common reasons attorneys might need to get in there:

  • One of your sales reps did something fraudulent with a customer, who is now suing you.
  • One of your sales reps didn’t do their job, was fired, and is now suing you for wrongful termination.
  • One of your employees left their former employer and took a bunch of that company’s data with them ... and then uploaded it into your CRM system.  Now that old employer is suing you for theft of intellectual property.
  • One of your competitors is infringing on one of your patents.  You need to be able to prove the extent of damages and lost business.
  • A patent troll has hit your business with an infringement suit, based on code that’s in your CRM system.  You need to be able to prove who wrote that code and (hopefully) be able to deflect the suit to a consultancy that worked on the system.
  • You’ve got a dispute with one of the integrators who worked on your system, and are suing them for damages.
  • A regulatory agency is exploring product failures or customer complaints and needs to review your customer service records. 

Your attorneys are unlikely to know anything about the data in your CRM, much less what can and can’t be done with it.  So their requests may be pretty confusing, if not outright non sequiturs. 

Step 0 of your response strategy should be to carefully read the subpoena, the legal complaint, and any supporting documents. Understand clearly what the time frame of the issues is, and get clues as to the timing of events going forward so you have deadlines to work with (don’t be surprised if they all change, but at least you’ll have a starting point). Talk all this over with your attorney and understand the specific rules and procedures that will be relevant. The rules of the road are very different indeed for arbitrations versus court proceedings, let alone government regulatory investigations.

Of course it’s all in the backups

 
