If you’re like most business owners, data security isn’t the first thing you think about when you arrive in the office. But protecting sensitive material like customer information, employee records and sensitive financial data should be high on your radar because of the damage a potential breach could wreak on all of your hard work.
According to a study sponsored by Symantec, the average cost to U.S. businesses of a data breach is $188 per record. With the average breach size clocking in at 28,765 records, that is one expensive headache you should be motivated to avoid.
Making matters worse is the unfortunate fact that many businesses lack the in-house expertise and the resources necessary to combat online threats, which is why incidents of hacking and other malicious attacks continue to grow. Even big businesses aren’t immune, with Target, Sony and other big name brands admitting to being hacked.
If you believe your business has been hacked, here are 6 steps you can take to fully respond to and recover from the breach.
1. Get a good understanding of what happened
Bring in outside consultants for a full post-breach audit. You’ll need to know the full extent of the breach, including how it happened, which computers and accounts were affected, which data was stolen or accessed, how much information was compromised and for how long.
2. Seek legal advice
The breach exposes your company to potential legal action, so it’s important that you hire an experienced attorney to help you address the legal issues that may arise. You may be legally required to notify state authorities of the breach, and if hackers gained access to the private information of your customers or employees, you’re likely obligated to alert them as well.
3. Patch the hole
As soon as the experts you hired in step 1 are done with their investigation, take the affected computers, systems and networks offline. Reformat all infected computers and restore data using clean backups. If the breach occurred due to a software bug, apply the latest patches from the software vendor, or consider migrating to a much more secure platform. If login credentials such as passwords were compromised, reset them and create new, complex passwords for every account. It’s important that you patch every gap in the system.
4. Notify affected parties
Reach out to affected customers and partners quickly and let them know about the breach. Communicate candidly about what happened, outline the steps that you took to fully address the breach, and describe the measures you are taking to prevent similar incidents from happening again. Set up a page that affected customers and partners can refer to, or a hotline they can call, if they have questions and other concerns. Being transparent and responsive to your partners and customers is crucial in regaining their trust and confidence in your business.
5. Revisit your security policy and procedures
If you experienced a data breach, it’s safe to say your existing data protection policy isn’t sufficient to protect sensitive data. Using the information gathered by the experts you hired in step 1, revise your data protection protocols and procedures to address all identified loopholes and vulnerabilities. Was the breach caused by a successful phishing attack? If it was, then you should install a more robust spam filter and train your employees in spotting red flags.
6. Check and monitor your credit report
Despite our best efforts, there will be things that will fall through the cracks. That’s how breaches occur in the first place -- a bug in the software or a loophole in the system is left unnoticed until it is found and exploited by an attacker. So, be sure to review your credit report regularly for anything out of the ordinary. Offer the same to your partners and customers as an act of goodwill.
While falling victim to a hack can be costly and crippling, recovery is possible if handled prudently and professionally.