3 Critical Steps You Need to Take After a Data Breach

It’s something no small business owner wants to experience: the feeling of sheer panic when employee and client data has been compromised by a hacker. According to the Cost of a Data Breach Report, conducted by IBM in partnership with the Ponemon Institute, 80% of breached organizations stated that customers’ personally identifiable information was compromised during the breach, far more than any other type of record. Small businesses can be greatly impacted by a security breach where customer information is stolen, as it erodes trust between the customer and the business. 

Luckily, there are three things you can do immediately following a data breach that will help you regain your clients’ trust and prevent future breaches. 

Assess the Extent of the Breach

Your IT team will need to determine what data has been compromised. If you are reading this prior to a breach, establish now who on your IT team will resolve breaches so they can address the situation as soon as possible when it occurs. After a breach occurs, immediately take action to prevent unauthorized outside access. Your IT team should immediately take your network offline and, if possible, isolate the affected servers. If an employee account was used in the attack, revoke that account’s privileges immediately and have other employees change their passwords as well.

Inform Your Clients

Once the breach is under control, you will need to swiftly alert your affected clients to the breach. Be as honest and specific as possible about what data was compromised when you inform clients that a breach has occurred. By letting clients know there was a data breach right away, you give them a better chance to protect their identities. Clients may need to change other passwords and usernames, freeze/cancel their credit cards, and change their bank account numbers. Waiting days to let your clients know a data breach has occurred leaves them vulnerable to identity theft, so try to let them know as soon as possible. Finally, if you are able, consider covering the cost of identity protection services for your affected clients. When your company’s data has been breached, you can win back some of your clients’ trust by offering identity protection services at your expense.

Prepare for the Future

This may have been the first attack on your business’s data, but it likely won’t be the last. Next time, you’ll be prepared. If your breach was due to human error, take steps to reduce the likelihood of these incidents in the future. Consider requiring data security training for employees, automating processes that leave your business vulnerable to attacks, and introducing new software to protect the network in case an error is made. Your IT team may need to evaluate the current security technologies in place and invest in next-generation protection through endpoint detection and response and multi-layered, business-class firewalls on the perimeter. Hiring a managed service provider to oversee your security and data protection is a great option for many organizations. It places your security in the hands of experts, ensures you’re using the best and most secure technologies and are up to date with system patching and updates, and ensures someone is monitoring your network 24/7 for any issues.