“You’ve been hacked.” Three words that you never want to hear, but that more and more organizations are hearing regularly. Within the past two weeks, the retail industry has taken a big hit with cybersecurity breaches impacting 5 million Saks and Lord & Taylor credit card customers and 150 million users of Under Armour’s MyFitnessPal app.

As the frequency and severity of breaches have grown, so have their damage to reputation and the bottom line. IBM/Ponemon’s 2017 Cost of Data Breach Study found the average cost of a breach to be $3.6 million.

So how can you make sure you’re ready to handle the fall-out from a dreaded cyberattack? Here are 5 best practices to consider when you’ve been hacked:

1. Assess the situation immediately. As soon as you suspect a data breach, the most important thing is to take stock of the situation. This means identifying the type and scope of the attack and determining its severity. Once the security flaw or leak has been identified, it’s critical to put a containment strategy in place to prevent the attacker from causing further damage.

2. Engage your response team. Another critical early step is to engage the response team that will be handling the breach. This team will likely include leaders from HR, Communications, IT, Security, Legal and Business Continuity. They will be responsible for how and when to inform affected parties, what to tell reporters and regulators, and how to remove the intruder and patch the vulnerability that caused the breach.

3. Be sure of your solution. Once you feel confident you have the breach under control, it’s essential to make sure the flaw is wholly fixed. This may mean looking through server logs, running penetration tests or extra scans on network-connected machines and devices, or investigating whether other servers or potentially a cloud infrastructure are vulnerable.

4. Notify internal and external stakeholders. After the breach has been stopped, open, honest and timely communication is key. Your response team should start communicating with key internal and external players, including providing guidance to employees on what to/not to do, notifying local and/or federal law enforcement, engaging the internal legal department and making the communications department is ready with a crisis communications plan.

5. Think long-term. While data breaches require immediate fixes, it’s equally important to take the time to assess what happened and evaluate whether there are other potential flaws in your organization. Putting a remediation plan in place will help address any additional security issues or other employee training or monitoring programs needed. Continued analysis of the incident and your security infrastructure will help protect you getting hacked again.

This also means conducting regular practice and drills so that if and when a real cyber breach occurs, all players know exactly what to do. The ability to respond quickly will make it that much easier to minimize damage from cyberattacks.

The past few years have taught us that cybersecurity is way more than an IT issue. It’s a business-critical part of every organization requiring careful thought, attention and monitoring. One of the biggest learnings from recent retail hacks is that response plans are no longer optional. Running damage control following a breach is stressful enough, but not having a formal incident response plan ahead of time makes it even more challenging. This also means conducting regular practice and drills so that if and when a real cyber breach occurs, all players know exactly what to do. The ability to respond quickly will make it that much easier to minimize damage from cyberattacks.

Groupdolists was designed to make the response process even easier. Our always-accessible platform will help guide your organization step-by-step through your incident response plan to keep everyone informed and on task until the breach is stopped and the situation is under control. If you need help developing your plan, our subscription library provides a pre-vetted cyberattack response plan that can be customized according to your specific needs.

Don’t wait to be the next cyber-victim. Prepare your organization today by becoming a Groupdolists user. We look forward to hearing from you.