On April 29, DOJ released guidance titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” which outlines steps companies should take before, during, and after an incident, and includes a summary checklist. The guidance also states DOJ’s position on the legality of a number of monitoring techniques and the illegality of many forms of so-called “hacking back.” DOJ emphasizes in particular the importance of designing an actionable incident response plan and adhering to that plan during an incident. Additionally, DOJ expressed its view that real-time monitoring of an organization’s own network is typically lawful if the organization obtains consent from network users, including through the use of log-on banners. The Department also noted that installation of a “sniffer” or other network-monitoring device to record communications during an attack is typically appropriate but encourages organizations to consult with counsel to ensure that monitoring is conducted lawfully. Finally, with respect to “hacking back,” the guidance makes clear that victimized organizations should not attempt to access, damage, or impair another system that may appear to be involved in the attack, because doing so is likely illegal, regardless of motive.