Incident-Response
We have adopted an “assume breach” philosophy and take steps to prepare for an incident. The following items are the steps we go through in the first 48 hours after discovering a data breach.
- Document in detail the date/time and how the data breach was discovered, who discovered it, and when the incident response procedure began.
- Immediately notify all members of the crisis communication and third-party vendors as well as executives.
- Preserve all physical evidence surrounding the location of the breach.
- Protect unaffected systems from further data loss by disconnecting them from affected systems while bringing affected systems offline.
- Perform a thorough forensic investigation of all unaffected systems to ensure they are not breached.
- Protect yourself from further liability; document everything, including the circumstances under which the breach was discovered, types of data lost, affected parties, etc.
- Employ an independent third-party vendor to interview internal employees who discovered and initially responded to the data breach.
- Fix the issue that caused the breach.
- Begin the notification process after consulting with the legal team to determine the notification process and priorities.
- Contact law enforcement