What Should You Do If You Get Breached?

If you already have an Incident Response Plan ready, then activate and follow that plan. Notify your IT team immediately. As far as your system is concerned:

1. Isolate the affected machine, taking it offline from the internet and from your internal network.
2. Use Anti-virus tools to identify and neutralize the malware.
3. Change the passwords of any logon IDs which access that system.  If multi-factor authentication was not already in use, implement it as soon as possible.
4. Alert other employees to increase their vigilance.  If the breach resulted from a phishing response, it is especially important to inform other staff of that danger.
5. Scan and verify any backups to make sure they were not compromised.
6. Fully engage your technology teams and provide ample resources for them to conduct forensics and ultimately restore data and full functionality.

From the legal perspective, a data breach triggers requirements which can vary state-to-state.

1. Notify your legal team.
2. Take necessary and timely actions to notify regulatory agencies.
3. If you have a cyber-breach insurance provider, contact them per their guidelines.
4. Craft and deliver a notice to your impacted customers as required.

Your ongoing business may be significantly impacted by the breach. If necessary, devise an alternate means of servicing your customers.  If that is not possible, prepare for a temporary shut-down until the issue is resolved. Communicate reassurance of your efforts and commitment to your customers.  Include identity theft protection and/or similar offerings as appropriate.

But the best defense against a breach may well be educating your staff and customers to the ever-present dangers of a cyberattack. NXTsoft specializes both in education against, and response to, cyberattacks. Stay cyber safe.