You've Been Breached!
So, your organization has suffered some kind of data breach. Encryption. Theft. Destruction. It’s a sucky day to the highest degree. It’s time for an Incident Response Plan. Actually, it’s past time for one. It’s too late for one, actually. But let’s talk about what you can do and should do. If you don’t have an Incident Response Plan, that is.
First, if you already work with an organization that has a strong cyber security background, contact them immediately and follow their lead.
But if you’re on your own, here are some steps. I want to be clear: these steps are for when you don’t have an experienced party working with you at the moment (like…um…Simplex-IT, maybe?). Absolutely document, document, document what you’re doing!
But there are 4 focused steps:
First, stop the bleeding if you can. Get the best team you can together (both business and tech) and figure out how you can slow things down (for example, credentials and network segmentation).
Second, get an idea of what the exposure is. What types of data have been compromised (and how)?
Third, notify. Start sharing the bad news. This includes law enforcement. And try to identify a single person to direct the flow of information.
Fourth, time to learn. What happened? How could it have been prevented?
I want to stress, this is not an Incident Response Plan. But it is a rough list of steps to consider if you don’t have an Incident Response Plan in place.