CBIZ
October 7, 2024

Cyber Attack Response Checklist for HR Leaders

HR leaders play a crucial role in steering organizations through cybersecurity breaches, serving as the backbone of support for their most valuable asset, their people. Your ability to communicate clearly and swiftly is vital in protecting information and empowering your workforce, ensuring the organization perseveres.

Use this checklist as a guide to ensure effective and concise communication during and after a cybersecurity incident, helping to maintain clarity and control. Of course, this should be customized to fit the needs and structure of your organization.

Initial Notification to Employees
Action: Notify employees of the situation with confirmed information.

  • Key Message: “We’re aware of a cybersecurity breach. Crisis. Steps are being taken. Updates will follow.”
  • Mode: Email or internal messaging

Support Resources
Action: Offer assistance, such as IT support or identity protection services, especially if data is compromised.

  • Key Message: “Support services are available. Please contact HR if you need assistance.”
  • Mode: Email or resource links

Employee Action Instructions
Action: Provide clear instructions for immediate employee action (e.g., password resets, system restrictions).

  • Key Message: “Please change your passwords immediately and avoid using [specific systems].”
  • Mode: Email or secure messaging

Legal & Compliance Information
Action: Communicate any legal obligations or policy changes.

  • Key Message: “Please review and follow our updated cybersecurity policies. Contact HR with questions.”
  • Mode: Email or policy update announcement

Confidentiality Reminder
Action: Remind employees to maintain confidentiality and not spread rumors.

  • Key Message: “Please do not share information externally or speculate internally. Updates will come directly from the incident response team.”
  • Mode: Email or internal memo

External Communications Policy
Action: Clarify the external communications protocol.

  • Key Message: “Direct all media or external inquiries to [designated contact]. Do not comment on the situation.”
  • Mode: Email or internal notice

Regular Status Updates
Action: Keep employees informed with regular progress updates.

  • Key Message: “We have isolated the issue and are continuing to monitor the situation. More updates will follow.”
  • Mode: Email or companywide announcement

Final Resolution & Next Steps
Action: Once resolved, communicate the outcome and next steps.

  • Key Message: “The issue has been resolved. New security measures are in place. Thank you for your cooperation.”
  • Mode: Email or companywide update
