DEV Community

Ben Hartwig

Do's & Don'ts After a Customer Data Breach

Data breaches are on the rise, and no company is safe. Unfortunately, without proper precautions, most small and medium-sized businesses will suffer a breach and data loss. Here is what to do after your company suffers a data breach and, more importantly, what not to do.

Dos on What to Do After a Data Breach

It's essential to take immediate steps after a data breach, including investigation, containment, and prevention. Even small companies should have a disaster recovery plan that clearly defines each action following a data breach. An effective incident recovery plan can help your company get back up and running quickly without too much disruption.
Some of the things to do immediately following a data breach include:

Contain the Problem

First, you must contain the problem. Do so by isolating the affected systems, files, and data. Most data breaches involve a malware component, which could continue to monitor and steal information if you don't find and remove it.

Go offline to secure the remaining data. This may mean manually disconnecting servers and other hardware from the network to preserve clean data that has not been violated.

Use sophisticated forensic tools to identify the breached information and how that will affect the rest of the company. Your entire IT department should work to stop the data leak, secure network resources, and identify where the problem originated. Then, they need to work together to determine how to patch it.

Track the Breach

After you have secured your network and stopped the bleeding, you need to track the breach. Follow the path the hackers took to gain entry. This critical process will show you where your weaknesses lie so you can patch them.

Hire forensic experts to perform this step if you cannot do it yourself. Reputable organizations use pen testing to identify weak areas and may suggest a proper course of action to secure vulnerable systems.

Employ Legal Counsel

As a result of the data breach, you could experience some legal issues depending on what type of data was stolen and potentially leaked. For example, if your employees' email records were breached, the exposed sensitive and personal information could lead to identity theft. Before someone decides to sue you, secure legal counsel to advise you on handling breach-related issues.
Your attorney can also help draft a public statement and work with government officials on your behalf if you are subject to fines, sanctions, and other penalties after a data breach.

Don'ts on What to Do After a Data Breach

Along with taking steps immediately following a data breach, there are things you should avoid so you don't make matters worse. Do not:

Mess Around with Data Trying for a Quick Fix

Do not mess around with the data looking for a quick fix. You must leave things in place to trace the breach and identify what happened. If law enforcement is involved, you don't want to contaminate the crime scene before forensic experts can evaluate what happened and how.

If someone from your organization jumps in and quickly tries to restore things from a backup, you could lose valuable evidence that points to the criminals responsible. As tempting as it might be to fix things quickly, slow down and think it through so you don't make things worse in the long run.

Go Public Immediately and Take a Defensive Stand

Be very careful about how you position information surrounding your data breach to the public. Before you inform customers, vendors, employees, and others, take the time to draft an honest but reserved statement.

Do not take a defensive stance. It will hurt your company's credibility. Instead, take responsibility and assure the public that you are working closely with law enforcement to find the responsible parties and bring them to justice. Also, reassure everyone that you have found the source and plugged the holes to prevent any further damage.

Employ Third Parties to Fix the Issue

If you have the expertise and workforce, keep the issue in-house. Don't rely on third parties to fix the problem unless you have no other choice. If you have a trusted forensic IT company that you have used in the past, you can ask for their help tracing the breach and identifying vulnerabilities to prevent future damage. However, it is best to use your own information technology staff to handle everything in-house to control information and how you communicate the event's progress to the outside world.

Experiencing a data breach is a big deal for a company of any size. You may have lost thousands or even millions when it's all said and done. Additionally, breaches can damage your reputation, and you might have to work hard to rebuild trust with your customers and vendors. However, by following these dos and don'ts, you should come out of it stronger and more secure than ever before.
