Does your organization know what to do if law enforcement came knocking on your door?
Honestly, we have work to do to be prepared for such a situation. Our organization knows to direct the news and the messenger to our Legal and IT teams. Both teams know how to understand the message and findings, understand the impact to consumers and us, inform our cyber security insurer & exec branch, and prepare for response and corrections. We are in the process of defining our process regarding who all to call first, record incident details, in parallel stop the bleeding, inform customers, fix the issue and build prevention procedures to avoid a bad day like this, etc. We have made progress; we just aren't there yet.
I'd love any advice from you, Scott, and others on what you recommend organizations should do to prepare for such a situation, and areas to work on to prevent having a bad day.
Similar to Chirag, we have improvements to make in our planning and preparedness. We have done some things: we have policies in place to know how to react, what we need to do, and notifications with regard to breach, and our Privacy/Compliance team puts effort into understanding national and international laws. We use this to improve our overall readiness, such as hard drive encryption and other measures.
Another thing that we've been doing is tabletop exercises. We've been conducting about 1 per quarter with different scenarios. We include IT, HR, and Legal, plus any necessary individuals with a focus on our exercise topic. We use this to improve our processes and overall preparedness.