Once a breach occurs, you’ll want to identify what the attackers accessed and how they accessed the data. This information helps you determine whether you need to notify users that their data has been breached, and it helps you learn how to protect yourself from the next attack.
First, make sure you have the necessary resources and preparations in place to investigate. Identifying how an attacker entered the network is often based on evidence and timeline analysis. Knowing how best to handle the evidence and having a plan in place before an intrusion occurs are key to properly handling the investigation. The Cybersecurity Unit for the US Department of Justice has several resources to help with planning ahead.
This task checklist will make it easier to respond to a data breach or limit its damage:
Create a communications plan
Have plans in place to communicate to management about potential threats and risks to the organization, along with plans and tools to counter those threats. Meet regularly to discuss risks and reactions. Identify the key assets of the company and the processes you have in place to protect them.