It's often said that there are two types of companies: those that know they've been hacked and those that simply haven't realized it yet. Essentially, no company is immune from the risk of some kind of cybersecurity incident. And recent incidents at companies such as Equifax Inc. and Uber Technologies Inc. highlight that, depending on how a company handles breach response and post-breach messaging, the repercussions can be massive.

So how are in-house counsel handling this responsibility?

For eHarmony Inc. vice president and general counsel Ronald Sarian, a major part of the strategy is staying in the know about what types of attacks other companies are experiencing. Sarian, who joined the dating site as its legal boss in 2013, said on a panel on the first day of ALM's 2017 cyberSecure conference in New York City that this constant reading on the latest developments actually thwarted a phishing attack at eHarmony.


About two years ago, Sarian said, scammers went after Snapchat by impersonating the tech company's chief executive officer and asking those in the payroll department for personal employee information. Sarian read about the successful attack and advised eHarmony colleagues to watch out for a similar incident.

The next day, according to Sarian, eHarmony's accounting department was targeted by an identical phishing attack in which scammers pretending to be eHarmony CEO Neil Clark Warren requested W-2s for salary review. But because of Sarian's warning, the accounting employees knew not to respond, he said.

Even more important, he added, is really knowing those in a company's IT department. With a background as a litigator, Sarian explained that he made a point when he moved in-house at eHarmony to sit down with the company's tech team and develop relationships with them. “They need to be comfortable when they're talking to you so that if they have anything that's even suspicious, they [aren't] scared of you and you don't want to be scared of them either,” Sarian said. “You want to be on the same wavelength.”

And then there's employee onboarding and offboarding, Sarian said. New employees should know, for instance, about what to look for, what to open and what not to open, he said. And when someone is leaving the company, he noted, it's important to have a system in place that immediately shuts off access to company systems and devices.

“You don't want a disgruntled employee coming in and trying to mess you up,” Sarian said. “Not giving them any advance notice that they're being terminated is a little bit harsh, but that's the only way to do it in the tech business, really. You just can't tell someone in advance, because they're going to start plotting against you, perhaps, and you're going to have some trouble.”

Just as important as incident prevention is reacting to incidents that occur, Sarian said, because having a good cyber response plan in place can go a long way in protecting a company's reputation.

“The first thing you have to do is figure out what the hell hit you … and then you make a disclosure to all your customers,” he said.

It's true that getting to the bottom of these incidents takes time, and quickly releasing inaccurate information and then later having to make corrections can damage a company's reputation, he explained, but sitting on a breach or trying to hide it will only make things worse when the information inevitably comes out.

“How you handle it after [an incident] occurs has a lot to do with how hard it's going to hit your company,” said Sarian.