Cybersecurity Law

Answer each Hypothetical Scenario separately:

Responses to individual questions must be at least 250 words

Hypothetical Scenario:

You’ve just graduated from the University of Virginia  and landed a great job with a new company of about 50 employees. The company, Widgets X, is based in Richmond, VA and manufactures and sells “awesome widgets”. It has a small brick and mortar store in Baltimore, but does most of its business online. The company has customers in many states and even has international customers.
You were hired because of your cyber law and policy expertise. On the first day of the job, the CEO comes to you and says, “I know that cybersecurity is important and we have to do something to protect our company! I want you to tell me what we need to do to prevent any problems. I want recommendations on my desk as soon as possible.”

Question 1: What recommendations do you make to your boss at this time?

Hypothetical Scenario, Continued:

You’ve been at Widgets X for almost a year now and you are enjoying your job very much. The business is going well and growing. One afternoon, Nick Burns, the tech guy comes into your office with a worried look. He starts: “We’ve been seeing some strange activity on our network over the past couple weeks. IT has been looking into it and now I’m worried that our network may have been breached by hackers. I can’t say yet what exactly the hackers have been up to, but I’m pretty sure they got a lot of our customer information, including names, addresses, emails, and credit card numbers. What should we do now?”

Question 2: What immediate actions do you recommend the company take to respond to this apparent cyber incident?

Hypothetical Scenario, Continued:

After taking the necessary immediate actions to respond to the cyber incident, the incident seems to be resolved. Widgets X is back to normal business operations. However, the event was a significant wake-up call for the company. The CEO wants to know what you recommend the company do, having experienced a breach like this one.

Question 3: What longer-term actions do you recommend for the company?