Develop a data team responsible for managing a data breach.
Rehearse the plan, identify key blockers and help remove blockers.
Detect the data breach: check security systems, firewalls, advanced threat protection systems, network behaviour, login activities, external parties notifications;
Contain the data breach: Ensure the impact of the breach is restricted that the attack cannot progress any further within the organization and identify how the breach occurred and the root cause of the breach;
Eradicate the effects: review the affected systems;
Remediate: Eliminate the cause of the breach, remove malicious software, patch, reconfigure systems;
Recover: Recover the systems back to the state they were in before the breach occurred;
Review: Document the data breach;
Communicate: Inform affected customers and data protection authorities or other relevant authorities if needed.