Data Breach Checklist
Have you incurred a data breach? Here are the immediate steps to take to defend and protect.
1. Make an initial assessment
- Determine the nature of the incident – Is it in fact a breach?
- Determine the type of information that has been exposed
- Locate the incident response guide and begin the process
- Assemble the incident response team as needed
2. Commence breach mitigation efforts
- Determine if the breach is active
- Identify all affected systems, computers, and devices
- Interview key personnel
- Determine the cause of the breach
- Commence mitigation efforts
- Determine when systems can be brought back online
- Use alternative communications channels as needed
3. Preserve records of the breach and mitigation
- Preserve evidence of the breach, including log files
- Control the creation of new documents and records
- Document all efforts to investigate and mitigate the breach
- Involve legal as necessary, which may help to preserve legal privilege
4. Notify any additional internal parties
- Immediate data owners within the organization
- Media relations
- Risk management
- Human resources
- Employees (if impacted by the breach)
- Depending on the scope, senior leadership and the Board
5. Notify relevant breach-response vendors
- Outside counsel
- Insurance broker
- Insurance carrier
- Breach coach
- Credit monitoring
- Forensics experts
- Call centers / mailing houses
6. Notify other third parties
- Acquiring bank (for credit card breaches)
- Law enforcement
- Impacted customers
- State attorneys general
- Regulators
- Credit reporting agencies
- Contract partners (if required by contract)
7. Post-mortem
- Assess the root cause of the breach
- Assess and improve the incident response guide
- Assess deployment of information security resources