Step-by-step checklist for managing a cyber incident. Prepare before it happens.
Verify alerts, logs, user reports.
Unplug the cable / disable Wi-Fi — do NOT power off.
Notify security lead, management, IT provider.
Note everything: who detected, when, what, screenshots.
Ransomware, phishing, data breach, intrusion, DDoS?
Which systems, what data, how many users?
Copy logs, don't reformat, photograph screens.
If yes: GDPR notification obligation within 72h.
Admin first, then all affected users.
Tokens, sessions, API keys, VPN access.
If the exploited vulnerability is identified.
Verify backups aren't compromised.
Legal obligation within 72h (GDPR Art. 33).
Transparency, no panic, measures taken.
Police, Action Fraud, NCSC.
Timeline, impact, measures taken, lessons learned.
Printable version with space for notes and verification dates.
Fusion AI monitors, detects and resolves — 24/7, automatically.