How Businesses Should Respond After a Data Breach
After a data breach, businesses may put more resources into a third-party monitoring service or build a dedicated cybersecurity team. Once the issue has been identified and resolved, it’s time to address customers whose data may have been exposed.
On average, companies around the globe take over 140 days to identify a data breach. In most cases, businesses only learn about a potential incident through a news report or law enforcement.
It’s important to understand such incidents do not solely affect your business operations. Rather, all stored client information has the potential to be stolen and exploited. At this stage, ignoring your customers can not only damage your reputation but also affect how much business you do in the future. Before this happens to you, learn how to prepare.
Basic Data Breach Recovery Plan
Start by developing a plan to carry out your recovery efforts. Beyond getting your business back up and running, make sure to consider the following:
- Conduct a thorough investigation into the incident. You should know what and how the breach happened, as well as what you need to do to prevent a future incident. Consider working with third-party security and digital forensic professionals to understand the full extent of the damage.
- Notify customers and clients. All states have reporting laws, so make sure your recovery complies with these requirements. Failing to notify these parties could place you in significant legal trouble.
What to Do After a Data Breach
The Federal Trade Commission (FTC) provides recommendations for how to proceed after your business identifies a data breach, including:
- Securing operations and assets. Continuing to operate as normalcould leave you vulnerable to a second breach. In the short term, have all user credentials and passwords updated, and the network actively monitored.
- Knowing who’s responsible for carrying out the breach response. These efforts will extend from information technology, security and digital forensics to legal, human resources, management, communications and investor relations.
- Starting an investigation. Have your information technology and security teams work with an outside digital forensics investigator to piece together what happened and the impact. Ensure any malware installed on your system is removed.
- Cleaning up the damage. As the investigation continues, remove or update any changes the hacker made and attempt to remove any stolen data from third-party websites. Also address and fix any network vulnerabilities to make sure the stolen information is less accessible.
- Starting outreach efforts. Have your PR department reach out to affected clients, partners and investors to inform them of what happened, how they may be affected, and ways to protect their information. Provide resources to monitor accounts for fraudulent activity and prepare for questions from these parties. Consider using the FTC’s data breach response letter template.
- Contacting law enforcement. Due to potential identify theft risks, the incident should be reported. Local law enforcement, the FBI or Secret Service may be handling and investigating the breach. If it involved electronic medical records, you’ll also need to contact the FTC and Department of Health and Human Services.
Following the Data Breach
Along with investigating the incident, securing your data and notifying clients, be sure to:
- Set up fraud, identity theft and credit card monitoring for your clients.
- Consider reputation management, based on the severity of the breach and any delays in reporting the incident.
- Develop a cybersecurity plan moving forward, from software and hardware updates to more active network monitoring and employee training.
- Notify your insurance carrier. Based on the breach, your policy can offer assistance with recovery costs related to ransomware demands, repairing vulnerabilities, conducting a digital forensic investigation, fraud monitoring and PR.
Nearly half of all breaches involve small businesses. Work with an experienced agent at HUB/Ion Insurance to ensure you are protected in the event of a cybersecurity incident. Contact us for a cyber liability insurance quote today.