
CentrexIT Cybersecurity Breach Checklist

KB00000197
Jesus Gastelum, Procedure, v0.0, 1 min
Published Aug 13, 2021. Expires Nov 1, 2022 (expired).

Cybersecurity Breach Checklist

  • Record the date and time - It’s important to mark down when the breach was discovered and when your company or organization’s official response began. This will aid in the ensuing investigation.
  • Alert everyone - If you have a response team, this is the time to notify it of the breach. In addition, this is when you should begin executing your preparedness plan.
  • Secure the premises - Lock down the physical location where your servers reside, and isolate whatever area of your network the breach occurred in.
  • Stop exfiltration of data - Take any affected machines offline, but avoid turning them off or interacting with them beyond that—this is a job for a forensics team.
  • Document everything - You should keep a running record of every detail, from who discovered the breach and when, to what you know and what steps you’re taking.
  • Interview anyone involved - Be sure to talk to (and document your discussions with) whoever found the breach, and anyone else with knowledge of it.
  • Review communication protocols - Decide who needs to know what about the breach at this early stage.
  • Assess priorities and risks - Take an objective look at what the current risks are and what your top priorities need to be moving forward.
  • Bring in a forensic team - You will need to launch a formal investigation into this breach, and the forensics team should be the one leading it.
  • Notify law enforcement - First consult with your legal counsel, and then, if necessary, notify the proper law enforcement channels.