๐Ÿšจ Cyber Incident Response โ€” If you are actively under attack, call your cyber insurer and IT provider immediately before using this form.
๐Ÿšจ Breach Response

Cyber incident response

If you suspect or have confirmed a security breach, follow this checklist. Time matters โ€” every hour of delay increases the damage.

๐Ÿ›ก
Cyber insurance
Call your insurer immediately โ€” most policies require notification within 24 hours
โš–
Legal counsel
Privacy breach has legal implications โ€” get counsel before communicating externally
๐Ÿ’ป
IT / MSP
Your managed service provider needs to contain and investigate
๐Ÿ
Privacy Commissioner
Office of the Privacy Commissioner: 1-800-282-1376

72-hour response checklist

0โ€“1 hr
Contain the breach
โ†’Disconnect affected systems from the network
โ†’Change all administrator passwords immediately
โ†’Preserve logs โ€” do not delete anything
โ†’Document everything with timestamps
1โ€“4 hrs
Assess the damage
โ†’Identify what data was accessed or exfiltrated
โ†’Determine how the attacker got in
โ†’Identify all affected systems and accounts
โ†’Contact your cyber insurance provider
4โ€“24 hrs
Notify stakeholders
โ†’Contact your legal counsel
โ†’Brief your leadership team
โ†’Prepare customer notification if personal data was involved
โ†’Engage an incident response firm if needed
24โ€“72 hrs
Regulatory notification
โ†’Report to the Office of the Privacy Commissioner if PIPEDA applies
โ†’Report to the CAI if Quebec Law 25 applies
โ†’Notify affected individuals if there is real risk of significant harm
โ†’Document all notifications with timestamps
Log this incident in Guardlyne

Logging an incident creates a timestamped record that may be required for insurance claims and regulatory notifications.