No one wants to deal with a data breach, but unfortunately, 29% of U.S. businesses have been the victim of one. Even with the best cybersecurity, you still need to be prepared should the worst happen.
Data breaches continue to evolve. That’s why every business, big or small, needs to know what to do if they experience one. A quick and efficient response could make or break your business.
1. Identify the threat
Your first step is to determine exactly what has happened. Was your system attacked from the outside, or was it internal? Was it a virus, a hacker, or someone “borrowing” your system for bitcoin mining? Before you can fix the problem, you need to know what has happened and which systems have been impacted.
2. Contain the incident
Your next step is to quarantine the infected device or system. It’s important to note you should not turn anything off, but you should take everything offline so that any ongoing activity is interrupted. You want to stop the breach from continuing to spread, but if you turn the infected system off you risk deleting or corrupting information that could help you figure out what happened.
3. Change your passwords
Once you have your system back under control it’s important to change all affected passwords and login credentials. At this stage, you may still be figuring out how the breach occurred and you don’t want to risk continued access to any systems.
If you used the same password for multiple devices or accounts, change them all. Don’t make the mistake of only changing your authorization details on the device or network that was compromised. You should change passwords and authentication settings on every device and network, suspected or not.
4. Initiate your disaster recovery plan
Now that the breach has been contained, it’s time to put your disaster recovery plan into action. Hopefully, you already have a team assembled to help with the recovery process. Now is the time to get them involved. If you have outside legal counsel, it would be a good idea to contact them as well. They can help you understand your legal responsibilities should any personal identifying information have been breached.
5. Monitor your accounts
A data breach is exactly that – a breach. At this stage, you might not know where it came from but you should be alert for any signs of new activity. It’s not uncommon for hackers and other cybercriminals to hold on to the data they’ve breached until the victim has appeared to move past the problem and might be less alert. Have a system in place to detect any changes or unusual activity on your network or accounts.
If financial information was involved you’ll want to contact all relevant institutions and alert them to the breach. They can freeze accounts and place fraud alerts to keep any financial damages to a minimum. You should also contact the major credit bureaus and have them place fraud alerts on your accounts. These alerts are important not only to keep your money and information safe but also to make you aware if anyone attempts to use your information.
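One way to combine steps 3 and 5 in practice, as an added example that is not part of the original article: review login records after containment and flag successful logins on accounts whose password was never changed, or from a source that account had not used before the breach. The containment time, account inventory, log format and addresses below are all constructed for illustration.

```python
from datetime import datetime

CONTAINED_AT = datetime(2024, 3, 4, 9, 0)  # constructed: when the incident was contained

# Constructed inventory: account -> time of last password change
LAST_ROTATED = {
    "alice": datetime(2024, 3, 4, 10, 15),
    "bob": datetime(2023, 11, 20, 8, 0),   # never changed after the breach
    "svc-backup": datetime(2024, 3, 4, 11, 0),
}

# Constructed login log, one event per line: "timestamp account source-ip result"
AUTH_LOG = """\
2024-02-27T08:58:10 alice 10.0.0.21 success
2024-02-28T09:03:44 bob 10.0.0.35 success
2024-03-01T02:00:05 svc-backup 10.0.0.50 success
2024-03-05T09:01:12 alice 10.0.0.21 success
2024-03-06T03:12:40 bob 10.0.0.35 success
2024-03-09T23:47:02 svc-backup 203.0.113.77 success
2024-03-10T00:02:31 alice 203.0.113.77 failure
"""

def parse(log):
    # Split each line into (timestamp, account, source, result).
    for line in log.splitlines():
        ts, account, source, result = line.split()
        yield datetime.fromisoformat(ts), account, source, result

def review(log, last_rotated, contained_at):
    # Build a per-account baseline of sources from before containment,
    # then check every successful login that came afterwards.
    known = {}
    findings = []
    for ts, account, source, result in sorted(parse(log)):
        if result != "success":
            continue
        if ts < contained_at:
            known.setdefault(account, set()).add(source)
            continue
        rotated = last_rotated.get(account)
        if rotated is None or rotated < contained_at:
            findings.append((account, source, "password not rotated since containment"))
        if source not in known.get(account, set()):
            findings.append((account, source, "login from source not seen before the breach"))
    return findings

if __name__ == "__main__":
    for finding in review(AUTH_LOG, LAST_ROTATED, CONTAINED_AT):
        print(finding)
```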
6. Notify affected parties
If any client data was breached, now comes the not-so-fun task of notifying affected people. You need to have a clear idea of the message you want to send out and how to regain the trust of affected parties.
Whether it be a public announcement in the form of a press release, social media update or personal communication, at this point, it’s key that you outline exactly what you’re doing to remedy the issue, what your customers (or clients) could do for extra precaution, as well as your prevention plans for the future. The whole point is to reassure, rather than heighten the frenzy.
7. Consult the professionals
You’re an expert at running your business, not at dealing with a data breach. Bring in outside help from people who deal with data breaches every day. Consider hiring an outside forensic investigation team or working with an IT consultant to figure out exactly what happened.
A lot of security breaches are the result of common mistakes that can hinder your network. Find the root of the problem as soon as you can. Did this happen because an employee let someone outside of the company use their laptop? Did someone plug an infected USB drive into a computer, releasing malware? Were your passwords not secure enough?
It’s not enough to simply understand the impact of the breach. You need to have a clear idea of what caused the breach so you can take informed steps to prevent any future risks.