Have an "incident response plan" to determine who needs to do what, when, and how. Do this now before an incident so that you know exactly what needs to be done in the aftermath.
When a phishing scam does occur:
Be transparent with your teams, clients, and partners. You don't want to hide it.
Have a sense of urgency. Be timely about relaying the vulnerability information.
Maintain a high level of responsiveness. If people are telling you something is wrong, taking it seriously and responding promptly goes a long way.
Once the dust settles, do a forensic analysis to determine where the entry point was, how you were scammed, and how it affected your systems.
Educate and equip your teams with methods to identify phishing scams. Internal training is key and will likely become a new job requirement for most folks.