We may not realize it or want to think about it, but every business that has a website or accesses the Internet is constantly under attack. It’s true. Hackers are always on the lookout for a way in to steal valuable information – and your business could be next. Knowing how to deal with a breach before one occurs could save you precious reaction time and keep you from paying massive fines and legal fees and from losing the bulk of your customers if you ever become a hacker’s target.
- Plan for it. Reading this article is a good first step. Educate the necessary individuals in your organization about the dangers of a data breach and what their roles would be in dealing with it. PR/Marketing, IT, Human Resources, and Legal are likely going to be the most heavily involved departments.
- Investigate. Once a breach occurs, it’s important to immediately assess the damage. Figure out who was affected: Was it your employees? Was it your customers? Then determine what was taken (social security numbers and credit card numbers are the most common targets).
- Notify. Once you know the scope of the damage, it’s time to notify the affected parties and, in some cases, law enforcement. Familiarize yourself with your state’s laws and the FTC and PCI guidelines for notification. The more quickly you notify those affected by the attack, the sooner they can take the necessary steps with their own credit card companies, and the easier damage control will be. It may also be necessary for your Public Relations team to craft a press release for full disclosure to the media. No matter how large the breach, it’s always better to face it head on than to attempt to sweep it under the rug.
- Repair. It’s time to pick up the pieces. Identify the point of entry into your system and do whatever is necessary to ensure the safety of your data. Don’t just focus on repairing the single point of intrusion, though; fix all web security vulnerabilities to prevent another attack. It may be necessary to hire a third-party professional to fully analyze your system and give you the green light that you’re good to go.
It’s likely that you will see a security breach in your system at some point, if you haven’t already, but expecting it and planning how you will react to one is a great way to protect your data and your customers.
How do you plan for a data breach?