Getting hacked is hardly an exciting thing, let alone something companies want to think about. Unfortunately in the climate of the way things are today, despite all the preventative measures you take, you are still at risk. So, what do you do if you get hacked? Here is a plan for how to coolly come back from the damage of a hack.
Have an “Incident Response Plan” ready and on deck even before any issues arise. Clearly outline who needs to do what in which situation. Once roles are that clearly defined, come incident each person knows what they are in charge of and has a plan to implement.
In addition to the Incident Response Plan, have a team on deck to solely handle the aftermath of a hack. This team should include representatives of IT, business leadership, HR, PR, as well as legal and operations.
In order to prevent future attacks as well as diagnose what happened, don’t be afraid to align with vendors and security experts as the need comes up. These teams can help sort out how a breach occurred and how to prevent a similar situation in the future.
Don’t delay meeting with either internal or external legal teams to sort out any legal implications of a hack. Lawyers will be responsible for telling you how you are to inform anyone involved as well as any practices for reporting to the government. They can also help set and preserve any evidence for any sort of litigation or remediation moving through.
Next, be vigilant about informing any insurance agencies and representatives. Be ready to collect and provide as much data as possible to them.
Most importantly, keep communication as open and transparent as possible. Keep all involved parties informed and up to date as things move forward. Let them know what has happened as well as any action being taken to remediate the situation. Keep them informed as actions are taken and changes are implemented. Be willing and able to show them that you’re all in it together.
In the end, a hack is the last thing your organization wants to think about, but better to be prepared than have to approach one blindly.