Family Incident Response
Know exactly what to do when a breach, identity theft, or security incident hits your family.
Your Family's Incident Response Playbook
Security incidents aren't a matter of "if" — they're a matter of "when." Data breaches are announced almost daily, and eventually one will include your information. What separates a minor inconvenience from a catastrophe is how quickly and effectively you respond.
The first 60 minutes after discovering an incident are the most critical. Having a plan means you act instead of panic.
Types of Incidents You Might Face
Account Compromise: Someone gains access to one of your accounts — email, social media, banking, cloud storage. Signs include: unexpected password reset emails, unfamiliar login notifications, posts you didn't make, or emails you didn't send.
Data Breach Notification: A company you have an account with announces a breach. You receive a notification that your data was exposed — this could include email, password hash, SSN, credit card numbers, or other personal information.
Financial Fraud: Unauthorized transactions on your bank account or credit card. Unexpected credit applications. Collection calls for debts you didn't incur.
Identity Theft: Someone using your or your child's identity to open accounts, file taxes, obtain medical care, or commit crimes.
Device Compromise: Malware on a family member's computer or phone. Ransomware encrypting files. Suspicious behavior from a device.
Doxxing or Harassment: Personal information (address, phone, employer, children's school) posted publicly online with malicious intent.
The Universal First Steps
Regardless of incident type, these first steps apply:
Step 1: Contain (Stop the Bleeding)
- Change the password of the affected account immediately
- If you can't access the account, initiate account recovery
- If a device is compromised, disconnect it from the network (Wi-Fi off, unplug ethernet)
- If it's financial fraud, call your bank's fraud line (the number on the back of your card)
Step 2: Assess (Understand the Scope)
- What was compromised? (Account, data, device, identity)
- What information was exposed? (Email only? Password? SSN? Financial data?)
- When did it happen? (Check account activity logs, bank statements)
- What other accounts might be affected? (Same password used elsewhere?)
Step 3: Secure (Prevent Escalation)
- Change passwords for any account using the same or similar password
- Enable 2FA on all accounts, starting with email
- Check email forwarding rules (attackers often set up silent forwarding)
- Review recent account activity for unfamiliar actions
Step 4: Document (Preserve Evidence)
- Screenshot everything: account activity, suspicious emails, unauthorized transactions
- Note dates and times
- Save emails and notifications (don't delete them)
- Keep a log of every action you take and every organization you contact
Step 5: Report (Notify Appropriate Parties)
- For financial fraud: Your bank, credit card company
- For identity theft: FTC at identitytheft.gov
- For cybercrime: FBI's IC3 at ic3.gov
- For data breaches: Monitor the company's official response for free credit monitoring offers
- For children's data: Also notify your state's attorney general
The Incident Response Folder
Create a physical folder (yes, physical — in case your devices are compromised) containing:
- Emergency contact numbers:
  - Bank fraud lines (all accounts)
  - Credit card fraud lines (all cards)
  - Credit freeze PINs for all three bureaus
  - Local police non-emergency number
  - Insurance agent
  - Attorney (if applicable)
- Account recovery information (stored in your password manager, but printed as backup)
- A checklist summarizing the steps above
Store this folder somewhere accessible but secure — your fire safe, a designated drawer. When an incident happens at 11 PM on a Saturday (they always happen at the worst times), you don't want to be Googling phone numbers.