You’ve just realized that a hacker has gotten inside your systems and your network. Scared? We understand. Now what? Use this checklist to get started. Once you’ve confirmed a data breach has resulted in a loss of data, it’s time to determine how to notify your customers, employees, and business partners.
Ensuring that consumer letters meet state requirements, setting up required hotlines, validating addresses, and tracking for reporting purposes can quickly become overwhelming. As part of your risk management strategy, it may be a good idea to identify vendors who specialize in data breach resolution before you need one, and add the information to your incident response plan.
- Identify affected individuals and determine what data has been lost.
- Work with your forensics and legal teams to determine whether individual consumers must be notified. Not all breaches require notification, and legal counsel can help you decide. In fact, speaking of legal, your lawyer should be your first phone call. If you call us first, we’ll have you contact counsel and then have your attorney contact us. You will have to notify individuals according to the laws of the state where they live, NOT where your business is located. Please note that all states that have notification laws have different timelines, and some mandate specific content in the notification letter.
- Work with your legal team and crisis communications team to determine media response, and identify a communications strategy for talking with employees and business partners. How you respond after a breach will be critical to rebuilding after the breach is cleaned up.
- If consumer notification is required, contact a data breach resolution vendor and determine the products and services needed. For example, services could include developing letters, printing, managing returned mail, offering credit monitoring services, and tracking metrics. Develop letter templates, stand up hotlines and websites, and begin publicizing. Remember that the letters themselves may require secure handling. You’ll need to track delivered, returned, and undeliverable mail for reporting purposes.
Bar none, advance preparation is key to successfully managing a data breach. Failing to plan can result in higher fines and expenses, and damage your brand reputation. Consider starting to think about how you will respond to a breach NOW, before it even happens. Sera-Brynn provides a holistic approach to incident response, including forensics, support identifying legal assets, crisis communications, and post-event training and cleanup. Contact us today to talk this through more.