What Should You Do if You've Had a Data Breach?

If your business hasn’t suffered a data breach yet, there is a good chance it will in the near future. According to the Ponemon/Keeper Security 2018 State of Cybersecurity in Small & Medium Size Businesses report, two-thirds of SMBs experienced a cyberattack within the last 12 months.

All too often a data breach can lead to reputation damage and potentially litigation and fines, depending upon what type of information was breached. The free security assessment offered by Technology Visionaries helps ensure businesses have proper defenses built into their technology environment to prevent breaches.

But what do you do if you’ve already had a data breach?

Usually, some of the first instincts are either denial that it’s really that bad or panic about what to do next.

Companies that make a misstep after their network has been breached, can end up with much higher long-term costs and potentially loss of their business altogether.

60% of small businesses have to close their doors within six months of suffering a data breach.

Important Steps to Take if Your Network Has Been Breached

A swift and well-planned response helps to mitigate damage from a data breach. It’s best to have a checklist ready to go that can be referred to in the event of a cyberattack, so you’re not trying to come up with a plan during a time of crisis.

Here are key things you need to do immediately after you’ve discovered you’re the victim of a data breach.

Secure the Breach

Once you’ve discovered the attack, the first thing you should do is to quickly secure your systems, repair any vulnerabilities that allowed the breach, and ensure your network and devices are free of viruses or malware. 

You’ll want to enlist the help of your IT professional and if your website has been breached or attacked, you may need a web administration team or consultant on hand as well to get your site back up and running.

You’ll want to have all user and administrative passwords to all programs and websites changed (be sure to use strong passwords and two-factor authentication if possible).

Identify What Information Was Exposed

You’re going to need a team of experts to help identify exactly what information was exposed and potentially stolen and how the criminal was able to gain entry to your system. It could be through stolen credentials, an unpatched operating system vulnerability, or any number other ways.

The more details you uncover as to the source and nature of the breach the better foundation you’ll have for a response and for your breach notifications.

Fix Any Vulnerabilities

Use the information from your investigation as to how the hacker gained entry into your network to shore up those vulnerabilities. You don’t want another attack to happen while you’re still in the middle of dealing with the one that just occurred.

Ensure all sensitive data is protected and backed up to a secure environment so it’s not at risk of being deleted or scrambled by ransomware or another malicious code.

Notify Appropriate Parties

Notification of the breach in a timely and transparent manner is important if you want to retain as much trust as possible from your customers. You may also have regulatory requirements under guidelines like HIPAA or FINRA that can mean hefty fines if you don’t make notifications as required.

You’ll want to be sure to be aware of any local data privacy regulations that your business falls under as well as the larger national ones that are industry specific.

Some of the entities that you’ll want to consider notifying are:

  • Customers (businesses & individuals) whose data has been breached
  • Employees (and what to say about the breach if asked)
  • Law enforcement
  • Investors and other company stakeholders
  • Organizations with data privacy reporting policies (HIPAA, etc.)

If sensitive information, such as names and social security numbers have been exposed, then it’s a good idea to proactively contact the three major credit reporting agencies and ask their advice on information that you can relay to those impacted. These agencies are:

  • Equifax: equifax.com 
  • Experian: experian.com 
  • TransUnion: transunion.com

If you’re unsure of what to include in a notification, the Federal Trade Commission (FTC) has a model breach notification letter that you can use as a guide (scroll down to see it).

Update Your Cybersecurity Policy Guide

Once you’ve gone through a data breach response, there are bound to be some things that you’ll need to update in your cybersecurity policy guide. It may be a step that you didn’t foresee that needs to be added or something that was better done differently than initially planned.

It’s important to keep this document always evolving to ensure your strategy is as strong as possible to mitigate risk and reduce negative impacts to your business.

Have You Done Data Breach Response Training Lately?

You don’t want the first time your team practices their data breach response to be when a real one has just occurred. Technology Visionaries can help prepare your team with response training and can ensure you have best practices in place in a cybersecurity policy guide.

Call us to help with any and all data security needs. We’re here for you at 732-587-5960 or through our website.