Kayleigh and her colleagues often say it is not a matter of “if” but “when” a company will find itself responding to a possible data breach. To help clients prepare and respond effectively, Kayleigh provides guidance before, during, and after incidents. 

During a security incident, Kayleigh helps clients create a game plan for investigating what happened and resolving any operational or communication challenges. If there are potential obligations to notify employees, other individuals, customers, law enforcement, or regulatory bodies, Kayleigh helps clients identify and meet those obligations. If attorneys general, law enforcement, or other government agencies demand more information, Kayleigh helps clients respond strategically. The types of incidents that Kayleigh advises on include:

• Ransomware
• Phishing, spam attacks, wire fraud, and other email-related compromises
• Inadvertently disclosed documents
• Lost or stolen devices
• IT scams
• Employee wrongdoing
• Incidents occurring at vendors and other third parties

Before and after an incident, Kayleigh helps clients plan for the future, with an eye toward reducing the frequency of incidents and the scope of their damage. Her pre- and post-breach services include:

• Educating boards of directors and other stakeholders on cybersecurity preparedness
• Conducting tabletop exercises to “dry run” who would do what during an incident 
• Developing (or improving existing) policies on:
  • Incident Response Protocols  
  • Document Retention
  • Employee Cyber Awareness and Training
  • Employee Use of Company and Personal Devices 

In all of these matters, Kayleigh is well versed in the particular needs of clients in sectors like: education; banking, credit unions, and other financial services; manufacturing; health care; technology; retail; and municipalities and other governmental entities.