Dear Mary,

We had a security incident a few weeks backs that luckily turned out to be nothing. I’ll tell you, tension was high around here while the investigation was ongoing because there was a possibility that it was going to be bad. The forensic firm (hired by our outside counsel) figured out that the incident resulted from a misconfiguration in our MFA. We fixed that and now I’m wondering whether we really need a forensic report given the limited impact. I am not sure I understand the need.

– Uncertain in Atlanta

Dear Mary,

I work in the IT department of a mid-sized company that recently detected a security incident. Everyone is freaking out – minus me. My manager asked our IT team to investigate the incident. But the incident is already contained, and business is back to normal. Why do we need to investigate further? Like seriously, why? And if we do need to investigate further, should I be doing this? I’ve been in IT for a while, and I have never been in this situation before.

– Forensic Forgoer in Florida

We are pleased to introduce ‘Dear Mary,’ a new advice column from Troutman Pepper’s Incidents + Investigations team. This column will answer questions about anything and everything cyber-related — data breaches, forensic investigations, responding to regulators, and much more. ‘Dear Mary’ goes beyond the articles, podcasts, webinars, and other content we produce, as we are responding directly to your questions with concise, practical answers. ‘Dear Mary’ can be found here on the firm website, and direct links can be found on our Privacy + Cyber related blogs and newsletters.