A company has become aware of a potential data breach that may have exposed sensitive customer information. In anticipation of possible litigation, which of the following actions is the BEST to ensure proper preservation of electronic evidence?
Limit access to the compromised systems exclusively to members of the legal team until the situation is resolved.
Take regular system backups to ensure any deleted files can be recovered during the investigation process.
Prepare and distribute a legal hold notice to appropriate personnel, and suspend any automated data deletion or overwriting policies.
Isolate the affected network segment to prevent further unauthorized access and contain the breach.