Top Five Considerations When Responding to a Cyber Breach

Integreon

When a cyber breach occurs, cooler heads need to prevail. This can be a highly emotional and stressful occurrence. Being prepared and having a clear plan of action will help you stay focused, meet your compliance requirements, and above all, minimize the fallout and risk.

In building your response plan, here are five things to consider:

1. Contain

First and foremost, isolate the affected systems or networks to prevent the threat actor from spreading or causing more damage. This may involve your IT and security teams shutting down impacted servers, partitioning networks, or disconnecting affected devices from the internet.

2. Notify

Depending on the type of breach and jurisdictional requirements, you may be legally obligated to notify impacted or potentially impacted parties, including customers, partners, employees, and regulatory bodies. If you are obligated to notify, you will need to provide information about the breach, including its extent, along with what you are doing to address it and the steps individuals can take to protect themselves.

3. Investigate

Don’t go it alone! Bring in professionals experienced in conducting post-breach forensics to gain a full understanding of the breach and the threat actor, including the extent of the breach, where and when it started, techniques used to access your environment, and what specific systems and data were compromised. Additionally, make sure you preserve evidence and logs that will assist in the breach analysis.

4. Message

Having a well-conceived communications strategy for handling internal and external messaging will serve you well in the near and long term. If you have a PR agency, engage with them early and inquire about crisis management services. Your communications plan should include a consistent set of messages crafted for each specific audience, such as employees, customers, and the media.

5. Recover

Remember, you can overcome a breach! Once the breach has been contained and you have identified the entry points and tactics, focus on locking down the system and removing any vulnerabilities that allowed the incident to happen or could expose you in the future. This might include patching systems, changing passwords, strengthening security protocols, and implementing additional security measures. You will also want to have a plan to quickly and, above all, safely get affected systems and services back online to minimize downtime and reduce the chance of another breach.

Written by:

Integreon