When a data breach hits, time is of the essence. The first step in minimizing the damage is to contain the breach immediately by quarantining your IT infrastructure:
Use a pre-configured kill switch to isolate compromised devices or networks and cut off access to affected systems without disrupting critical services. If a breach happens outside business hours, you can also use scripts or remote access commands to power down systems from a distance.
Use network segmentation to divide your network into smaller, isolated segments that act as a safety net. This way, if one segment is compromised, the breach doesn't automatically spread to the entire network.
Disable unauthorized access with role-based access control so that if one user account gets compromised, the impact is limited because users can only access what they truly need.
Activate your incident response plan by starting with a "breach coach" or attorney who can help you craft a solid communication strategy. Make sure to define clear roles for your IT, legal, and HR teams, along with a timeline for containment, eradication, and recovery. Your breach coach should also be able to help you with compliance and bureaucratic hurdles related to regulations like GDPR and HIPAA.
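One way to pre-configure the host-level kill switch described above, as an added example that is not from the original article: a POSIX shell function that generates an nftables ruleset dropping all traffic on a compromised Linux host except SSH from one responder machine. The use of nftables, the table name `quarantine`, the function names and the sample address 192.0.2.10 are assumptions.

```shell
# Added example: build an nftables ruleset that quarantines THIS Linux host.
# Assumptions: table name "quarantine"; responder address and SSH port are inputs.
is_ipv4() (   # succeeds only for a dotted quad with every octet in 0-255
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Prints the ruleset on stdout; exits 2 on bad input so nothing unvalidated
# is ever interpolated into firewall rules.
build_quarantine_ruleset() (
  mgmt_ip=$1; ssh_port=${2:-22}
  is_ipv4 "$mgmt_ip" || { echo "invalid responder address" >&2; exit 2; }
  case $ssh_port in ''|0*|*[!0-9]*) echo "invalid port" >&2; exit 2 ;; esac
  [ "$ssh_port" -le 65535 ] || { echo "invalid port" >&2; exit 2; }
  # No "ct state established" rule: it would keep sessions opened before
  # containment alive. Priority -300 runs ahead of the host's normal chains.
  cat <<EOF
table inet quarantine {
  chain input {
    type filter hook input priority -300; policy drop;
    iif "lo" accept
    ip saddr $mgmt_ip tcp dport $ssh_port accept
  }
  chain output {
    type filter hook output priority -300; policy drop;
    oif "lo" accept
    ip daddr $mgmt_ip tcp sport $ssh_port accept
  }
  chain forward {
    type filter hook forward priority -300; policy drop;
  }
}
EOF
)

# Apply as root:  build_quarantine_ruleset 192.0.2.10 | nft -f -
# Release:        nft delete table inet quarantine
if [ $# -gt 0 ]; then build_quarantine_ruleset "$@"; fi
```

Generate and review the ruleset before an incident so that applying it is a single command. The host stays powered on and reachable from the responder address, which also keeps memory and disk state available for investigation.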