No. 1: Secure Your Operations Including but not limited to: (Assemble a team of experts. Secure physical areas. Stop additional data loss. Remove improperly posted information. Interview people who discovered the breach. Do not destroy any forensic evidence.)
No. 2: Fix Vulnerabilities It’s necessary to have a long-term plan when it comes to preventing another data crisis. Take a look at all areas of your business and determine where there are vulnerabilities that could lead to further breaches. Including but not limited to: (Think about service providers. Check your network segmentation. Work with your forensic experts. Have a communications plan.)
No. 3: Notify Appropriate Parties Following a data breach, it’s imperative that your company maintains good communication, with the constituents whose information may have been compromised, as well as appropriate outside groups and law enforcement. Know which parties you are responsible for communicating with and the laws surrounding these notifications. Including but not limited to: (Determine your legal requirements. Notify law enforcement. Determine if the breach involved electronic health information. Notify affected business. Notify individuals.)