A Comprehensive Response Guide to a Data Breach

If you’re here, then chances are that your company has experienced a data breach: someone has gained unauthorized access to confidential data. Data breaches can be catastrophic to your business, costing you unforeseen dollars in repair and time in mitigating the issue.

Unfortunately, it took businesses 228 days to identify a data breach in 2020. In addition, it took organizations 80 days to contain a data breach. The amount of time it takes to respond to and recover from a data leak is vital to the reputation of your business.

How will you alert your clients that your organization has been targeted by hackers? Will you contact any law enforcement agencies to catch the perpetrators? Creating a response guide before and during a breach will ultimately help you better prepare for a sudden attack.

Below, we’ll outline a comprehensive guide for how you can create a response plan for unauthorized access to financial information and customer data in three steps:

  1. Secure Your Operations
  2. Fix Vulnerabilities
  3. Notify Appropriate Parties

Step #1: Secure Your Operations

After unauthorized access has occurred, the most important thing to do is secure your business from any further attacks. Hackers will take advantage of your organization in any way they can, and their mission is to cause irreparable and widespread damage.

Therefore, you should move swiftly to identify the information leak and secure your operations by following these steps:

Move Swiftly to Secure Your Systems:

The first thing you should do after a data breach is move quickly and discover the security vulnerabilities that caused the issue. The only thing worse than a data breach is multiple data breaches.

Take as much time as you need to ensure that your mistake doesn’t happen again. This means securing all physical areas that were involved in the breach. Lock them and change all access codes.

Consult with both law enforcement and forensic specialists to determine when it’s safe to resume normal business operations.

Mobilize Your Data Breach Response Team:

For most organizations, the IT team will serve as the data breach response team. Contact them immediately to prevent any more harmful data loss. Depending on the nature of your business and severity of the breach, the next steps will vary.

Assemble the Right People to Form a Data Breach Response:

Depending on your company, you may need to contact management, investor relations, communications, human resources (HR), legal, information security, information technology, and other experts.

These experts will help you determine the scope and source of the information leakage. They will also collect evidence and forensic data and outline the necessary steps for remediation.

Lastly, you should consult a legal team to help you understand the federal, state, and local repercussions of a data breach.

Stop the Bleeding:

If possible, remove all affected data from your website and other networks. If this data exists on other websites, contact them and ask that they remove it. Also, make sure you interview everyone who witnessed the incident and document everything they tell you.

Finally, do not destroy any evidence. It will be crucial toward identifying the perpetrators behind the incident.

Step #2: Fix Vulnerabilities

After you’ve taken the necessary steps of securing your business from any more data breaches, you’ll need to focus on containing and repairing all security issues. You can do so by following these critical steps:

Focus on Service Providers:

If you’re like most businesses, you use different service providers every day, from accounting software to CRMs. Is there a chance that a hacker could have compromised your information through these platforms?

If so, then you’ll need to contact these service providers to inform them about your data breach. This can be helpful in reducing the chances of another breach in the future.

Monitor Your Network Segmentation:

IT departments commonly segment their networks across different servers. This way, if one server is compromised, a hacker can’t access another server. Contact independent forensic investigators to make sure this strategy was effective.

If you need to make any changes to this strategy, feel free to do so now. Network segmentation is a very effective means of preventing a wide-scale data spill. However, you shouldn’t automatically assume that it was successful.

Tie up this loose end to prevent a small vulnerability from worsening over time.

Work with Forensic Experts:

Forensic experts can help you determine whether security measures like encryption were in place when the data breach occurred. You should also ask them to analyze any and all backup data. By reviewing data logs, you can identify the people who had access up until the time of the breach, and restrict access if necessary.

Make sure you verify all of the data that was compromised by hackers, the number of people affected by the breach, and whether or not you can contact them. After you receive a forensic report, take all of the remediation steps immediately.

Setup a Communications Plan:

After a data spill, it’s important to reach out to all parties that were affected by the breach, such as stakeholders, business partners, investors, customers, and employees.

Make sure you avoid making any misleading statements about the breach, and don’t withhold any information that can help these afflicted parties independently protect their identities and information.

Finally, you should never publicly share information that can further put your customers at risk. Make sure you consult with your attorney to learn more about the information you can disclose to all of these parties.

Some information may be confidential, while other information may be vital for your audience to know.

Anticipate All Urgent Questions:

It goes without saying that data breaches are very serious. People will naturally ask a lot of questions because they’re concerned with dangerous strangers potentially having their sensitive information.

Create accessible and helpful content on your website that will guide your audience in understanding all the details behind the data breaches and how they will be affected. Good communication can lessen your customers’ fears and concerns, save you time and money, and show more transparency in light of a serious situation.

Step #3: Notify Appropriate Parties

After a major data breach, it’s your responsibility to notify other affected businesses, individuals, and law enforcement agencies. Below are some tips to help guide you throughout the process:

Follow All Legal Requirements:

All states and territories of the United States (including Washington D.C., the Virgin Islands, Puerto Rico, etc.) have set forth legislation requiring all organizations to notify affected parties of data breaches that involve personally identifiable information or other sensitive data.

Depending on the type of your business and the information involved in the data leaks, there may be individual regulations and laws relating to your situation. Consult with your attorney to learn more about the laws you’re obligated to follow after a sensitive data leak.

Notify Law Enforcement:

After a massive data breach, contact your local police department immediately. Fill out a police report and explain your data breach as an ongoing identity theft situation, describing it from start to finish, including which personal details (such as phone numbers) were exposed. The sooner they know about the situation, the more effective they’ll be in fighting against it.

You should also contact the FBI if you run a large organization and vital information was compromised by a network of perpetrators. If your incident has involved mail theft, contact the US Postal Service.

This step is important for punishing the individuals responsible for the breach.

Understand if the Data Breach Involved EHRs:

Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations are required by law to secure all patient and other confidential health records electronically instead of using traditional file cabinet systems.

If these health records are compromised, organizations are required to contact the FTC. Contacting the media is also helpful in informing the general populace if their information has been affected.

In some cases, you’ll need to contact the U.S. Department of Health and Human Services if your organization is covered by the FTC’s Breach Notification Rule.

Notify Affected Businesses:

It’s not just up to you to protect your own data and interests after data has been compromised or stolen. The onus also falls on you to notify businesses that have been affected by your breach, to prevent further data theft. For example, if account information (like bank account numbers and credit card information) has been stolen, you should notify these institutions to help them monitor their customers’ financial activity.

Also, if you collect and store any data from other businesses, make sure you inform them that you’ve experienced a breach. Even if their information hasn’t been compromised, informing them will help you maintain transparency.

Monitor Stolen Social Security Information:

Arguably, the most private information a US citizen can have is their social security number. With this information, a hacker can have a field day opening up unauthorized accounts at their victim’s expense.

If your business collects and stores social security information, you should contact the three major credit bureaus (Experian, TransUnion, and Equifax) if this information has been stolen.

If your data breach involves a vast number of people, you should advise the credit bureaus of the severity of the situation and recommend that their clients request fraud alerts and freeze their accounts for the time being.

Notify Individuals:

We’re going to cover a lot of ground here because the public has the right to know if their information has been affected after a data breach occurred. If you notify your customers that their data has been compromised, they can take the necessary steps to reduce the resulting damage.

When deciding who to notify about this news, you should consider:

  • Federal and state laws
  • The type of data stolen by hackers
  • The likelihood of future data misuse
  • The potential damage if their data is abused

Furthermore, the FTC recommends that you:

  • Consult with your local law enforcement agency or the FBI to determine the appropriate timing of notifying your customers so that it doesn’t deter the ongoing investigation.
  • Designate a point of contact within your organization to release necessary information to the public and media about the data breach. Give this person relevant information about the data breach, your response, and how your customers should respond as well.
  • Create content, such as letters, whitepapers, and blog posts that communicate all of the information the public expects to know about your data breach. If you don’t have a lot of contact information for your audience, consider reaching out to the media. For extra measure, create a toll-free number to answer the concerns of customers.
  • Consider offering at least one year of free credit monitoring and free credit reports for customers that have been affected by the data breach. This includes identity restoration and identity theft services, especially if any Social Security information has been stolen. When this information is stolen, hackers can open up accounts in the victim’s name.

State breach laws will vary, but generally, you’ll want to communicate:

  • How the breach happened
  • What information was compromised
  • How the hackers have used the stolen information
  • What actions you have taken to minimize the damage
  • What actions you have taken to protect your customers
  • How to reach your organization if there are any questions and concerns

Again, people will naturally be both curious and concerned with how to protect themselves in the midst of a data breach. Ethically, it’s up to your organization to provide helpful information to guide them on this path.

Make sure you provide relevant identity theft prevention instructions from government sources. Also provide actionable tips on how your customers can keep themselves safe in regards to how they interact with your business, such as changing their passwords.

Finally, encourage people who have had their information stolen to report the theft to the FTC. All of these efforts will work gradually in finding the perpetrators and bringing them to justice, as well as minimizing the damage of a data breach.

Do You Need New Business Infrastructures?

If your business has been heavily affected by a data breach, it may be time to update your current website and/or mobile app, especially if they were involved in the incident. With that said, we can help.

Contact us today to speak to a member of our team about our world-class software development services.

Ryan is the VP of Operations for DEV.co. He brings over a decade of experience in managing custom website and software development projects for clients small and large, managing internal and external teams on meeting and exceeding client expectations, delivering projects on time and within budget requirements. Ryan is based in El Paso, Texas.
Connect with Ryan on LinkedIn.
Ryan Nead