If you’ve discovered that your company has been hacked, the first 48 hours are absolutely critical. A cybersecurity breach can be privileged client data, business records, company design forecasts, or payment card customer details. Every aspect of your company’s infrastructure could be compromised. Knowing how to actively marginalize further harm and eliminate cybersecurity vulnerability can be dealt with in the first 48 hours with an incident response plan. The plan will determine what security protocols and responsibilities will be implemented to manage risk and protect confidential data.

Develop Incidence Response Plan

The Company’s security breach response plan will elaborate the roles and responsibilities of all security, company officials and impacted departments that must handle a security breach. The plan provides security team members, and possible external security officials, with direct procedures to be used in analyzing the degree of breach and level of vulnerability regarding further security risk to the company’s infrastructure. The plan should include periodic security breach “fire drills” and “penetration tests” to prepare staff and security personnel on how to anticipate actions or issues that may be overlooked during a security breach.

Coordinate an Internal Response Team

Even if you have retained cybersecurity personnel to deal with day-to-day security concerns, you should hire a professional external IT cybersecurity company which have professionals trained in security breach detection and can coordinate immediate measures to identify and contain the breach.

First 24 – 48 Hours

Identify the potentially affected businesses, clients, or customers impacted and assess the degree of exposure. Coordinate the collection and preservation of all metadata, including stolen and/or weak passwords, malware breaches, social media attacks, and phishing. Segregate the documentation without alteration. Maintain chain of custody on data breach evidence and establish protocols for protecting privileged data.

Utilize internal and external counsel to assist in the evaluation of possible civil or criminal regulatory concerns. Prepare an initial security breach report for insurance companies, financial institutions and the board of directors and stockholders if the company is a public company. Check with legal counsel to determine what applicable laws in the country you are operating in obligate you to report immediately to the regulator.

Coordinate Customer and Media Response

Activate company media and customer response center to handle media, customer, and email and social media inquiries. Be honest and communicate what is known, even if the degree of the breach is not verified. Manage customer and client notification letters in addition to offering identity theft monitoring and protection services to those impacted by the breach. Preserve and verify key findings and facts for a post incident evaluation meeting with staff, and relevant authorities and agencies.