If your business has experienced a data breach, you are probably wondering what to do next.

The Federal Trade Commission’s new Data Breach Response: A Guide for Business, accompanying video, and business blog can help you figure out what steps to take and whom to contact.

Key steps include:

  • Securing physical areas potentially related to the breach, locking them, and changing codes if necessary
  • Stopping additional data loss by taking all affected equipment offline immediately, being careful to not turn machines off or destroy evidence
  • Monitoring all access points to your system (if a hacker stole credentials, you’ll need to change those credentials too, even if you’ve removed the hacker’s tools)
  • Removing improperly posted information from the web and conducing a search to make sure other sites haven’t posted the information (if they have, ask them to remove it)
  • Notifying law enforcement and all affected businesses and individuals

The guide also includes a model data breach notification letter.