Theft can be upsetting no matter what type of loss is experienced. The worst type of theft, however, is when you realize hackers might have taken personal information from your server or was compromised through a breach of your transaction system. When you realize that your business might have been compromised in some way, you may be wondering what to do next.
There are some very specific steps you should take in case you think your business may have been breached. While you may not have to do every one of these steps because actions depend on the type of breach and business you operate, it does provide a comprehensive plan of action that is necessary to secure your operations, make some key changes to prevent it from happening again, and alert your customers and other stakeholders about what happened.
Although you may feel like a deer frozen in the headlights because of the shock of the possible business breach, you need to move and act swiftly. Since one hacker found his way in, they tend to share information on vulnerable businesses with each other so more attacks could be imminent. The faster you act to secure your operations, the better your chances of blocking any other breaches.
Lock down those areas related to the breach and be prepared to undergo some downtime for your business during the investigation period. This time will vary, so you may want to put together some type of action plan to address the downtime with your customers, including a message on your website or voicemail. You most likely will also have to update passwords and credentials because these were probably the point of compromise used by the hacker.
You'll need to get help with securing your operations, such as bringing in independent forensic investigators who know what to look for and can determine the scope and source of the breach. They can collect evidence and provide recommendations on how to secure your systems and equipment in conjunction with your IT team.
Separate any forensic evidence that will be needed for investigation and remediation. Also, have anyone that may have known about the breach, or who discovered it, on hand for interviews with investigators.
Get Legal Advice
You will also have to seek legal counsel from an agency that has experience dealing with data security so that they can advise you about the laws and implications of this data breach. This is because the data breach has now potentially put you in the position of potential lawsuits, as well as fees and penalties related to any non-compliance that led to the data breach. It's important to get a legal team on your side as soon as possible.
Contact Law Enforcement and Potential Victims
Your legal team will help shape how and what you say to law enforcement, as well as how you inform potential victims and make a public announcement about the data breach. Going beyond local law enforcement, you may need to contact the local FBI office to get assistance.
It's important to develop a communication plan that addresses all stakeholders, including customers, employees, investors, business partners and the media. Be forthright with information on the data breach so that your audience knows how to protect themselves and their information. Create a list of potential questions that you will most likely get asked and have clear answers. Don't hide from this problem because it will put your customers at risk and also damage your reputation. It may even end up costing you more money if you attempt to put your hand in the sand.
Most states, including other territories like Puerto Rico, District of Columbia, and the Virgin Islands, require that you notify those victims whose personal information was compromised during the breach. Make sure you coordinate this communication effort with law enforcement to make sure it doesn't get in the way of their investigation. Select a contact person in your organization who can share the information, contact each person, and work with these individuals. Provide a way that they can contact you for more information, such has a phone number, email address, or website that will have information.
One approach to alleviate some of the tension that will arise with these individuals is to give them some type of service, such as a free year of credit monitoring, as well as information on how they should address the breach, including where to go to ensure that thieves are not opening accounts in their name. This includes information for the IRS Identity Specialized Unit (1-800-908-4490), as well as refer them to sites like IdentityTheft where they can get more assistance on what to do if their data has been compromised, learn how to file a complaint with the FTC, and understand how they can recover from such a breach.
There's going to be plenty of work that will need to be done in order to fix the vulnerabilities that were identified. This includes potentially finding new service providers if the ones you had did not protect you as well as you thought. Get the assistance of the forensic experts who can determine all the vulnerabilities that need to be fixed, including encryption measures, backup data, logs, and access points. The reports produced by forensic experts will shape what you need to do going forward.
You will also want to implement further security layers and a security plan that provides further training to your company on what to look out for in relation to a potential data breach. This investment is well worth the money because it can help to prevent future data breaches that cost you time, money, customers, and that sterling reputation you have worked so hard to achieve. The return will be in the form of greater security and confidence among your customers that you will keep their personal information secure.
However, that's not to say that a data breach will never happen again, so be sure to develop a contingency plan should it occur. Also, plan on reviewing your security measures at least once a year to see if there is anything you can proactively do to bolster the security you have in place. Diligence will be a must going forward no matter how much security you throw at your operations because criminals are busy thinking up new ways to break in.