We have adopted an “assume breach” philosophy and take steps to prepare for an incident. The following items are the steps we go through in the first 48 hours after discovering a data breach.
- Document in detail the date and time the data breach was discovered, how it was discovered, who discovered it, and when the incident response procedure began.
- Immediately notify all members of the crisis communication team, third-party vendors, and executives.
- Preserve all physical evidence surrounding the location of the breach.
- Protect unaffected systems from further data loss by disconnecting them from affected systems while bringing affected systems offline.
- Perform a thorough forensic investigation of all unaffected systems to ensure they are not breached.
- Protect yourself from further liability; document everything, including the circumstances under which the breach was discovered, types of data lost, affected parties, etc.
- Employ an independent third-party vendor to interview internal employees who discovered and initially responded to the data breach.
- Fix the issue that caused the breach.
- Consult with the legal team to determine the notification process and priorities, then begin the notification process.
- Contact law enforcement.