Most businesses are forced to close shop after experiencing a data breach and those that manage to stay open rarely reclaim the success they experienced prior to the breach. You can’t undo a data breach once it has happened to your business, but you can help mitigate the damage of a data breach and save your company’s reputation if you respond correctly.
Early warning signs that your business has been breached include erratic behavior of your computers such as new software suddenly appearing on your hard drive, new features mysteriously added to your web browser toolbar, and antivirus software settings that are changed or turned off without your prior knowledge.
The Hartford suggests taking the following steps if your business experiences a data breach:
1. Investigate the Breach
You need to investigate whether the warning signs you are experiencing are the result of an actual breach or a software glitch. You can rule out a software glitch by consulting with the software manufacturers of the programs that you are using. If it turns out you’re dealing with a data breach, you will need to identify:
- All the computer systems and applications affected
- The origin of the breach
- The identity of all victims including customers, employees and vendors
2. Contain the Breach
Your top priority for containing a data breach is to shut off all possible avenues the breach could be coming through and stop traffic to those affected areas. This includes:
- Rerouting network traffic
- Obtaining an uninfected backup copy of critical data and restoring it to a new network
- Abandoning the previous infected network
- Changing all passwords
You should also keep track of all the costs and expenses involved in containing the data breach as this will be needed when you file a criminal report and a data breach insurance claim.
3. Notify Those Affected
In the notification phase of a data breach response plan it is important that affected victims learn of the breach from you and not from the media or other sources. Because your company’s reputation and sheer existence is on the line, how well you manage notifications and when you notify possible victims is of critical importance.
- The first people that you want to notify are managers and the affected employees.
- From there you should notify your local law enforcement agency and the FBI. Both agencies have a vested interest in cyber and data security and can guide you on how to contain your data breach and when to notify customers and vendors.
- If you have data breach insurance, notify your carrier as well.
4. Manage Customer and Public Relations
How you break the news of the breach to your customers, vendors and the public can be a strong determining factor of whether your business survives or closes. It’s common to send out an email, but it’s also a very good idea to set up a call center to handle questions that affected individuals may have. In your communications, it’s important to accept responsibility, explain why the breach happened and the steps you are taking to make things right.
It’s also important that you explain how you will prevent this from happening in the future and invite affected individuals to discuss this situation with your company. Lastly, if you’re providing credit monitoring or any other service or special offer, include information on that in your notifications.
5. Learn How to Prevent Data Breaches from Happening in the First Place
The best data breach response plan is one you never need. It’s imperative that you take all necessary steps to protect your business – and customers – from falling victim to a data breach. Download your free copy of How to Safeguard Your Business from Data Breaches. This 30-page e-book provides information you can use to help protect your business – and its reputation – from a cyber-attack.
A data breach can happen at any time and small businesses are common targets. Knowing your business is vulnerable to cyber-attacks, don’t let another day go by feeling unprepared.
Source: The Hartford