If you’re here, then chances are that your company has experienced a data breach. Data breaches can be catastrophic to your business, costing you unforeseen dollars in repair and time in mitigating the issue.
Unfortunately, it took businesses 228 days to identify a data breach in 2020. In addition, it took organizations 80 days to contain a data breach. The amount of time it takes to respond and recover from a data breach is vital to the reputation of your business.
How will you alert your clients that your organization has been targeted by hackers? Will you contact any law enforcement agencies to catch the perpetrators? Creating a response guide before and during a data breach will ultimately help you better prepare for a sudden attack.
Below, we’ll outline a comprehensive guide for how you can create a response guide to a data breach in three steps:
After a data breach, the most important thing to do is secure your business from any more attacks. Hackers will take advantage of your organization in any way they can, and their mission is to cause irreparable and widespread damage.
Therefore, you should move swiftly in identifying a major data breach and securing your operations by following these steps:
Move Swiftly to Secure Your Systems:
The first thing you should do after a data breach is to move quickly and discover the security vulnerabilities that caused the issue. The only thing worse than a data breach is multiple data breaches.
Take as much time as you need to ensure that your mistake doesn’t happen again. This means securing all physical areas that were involved in the breach. Lock them and change all access codes.
Consult with both law enforcement and forensic specialists to determine when it’s safe to resume normal business operations.
Mobilize Your Data Breach Response Team:
For most organizations, the IT team will serve as the data breach response team. Contact them immediately to prevent any more harmful data loss. Depending on the nature of your business and severity of the breach, the next steps will vary.
Assemble the Right People to Form a Data Breach Response:
Depending on your company, you may need to contact management, investor relations, communications, human resources (HR), legal, information security, information technology, and other experts.
These experts will help you determine the scope and source of the data breach. They will also collect evidence and forensic data and outline the necessary steps for remediation.
Lastly, you should consult a legal team to help you understand the federal, state, and local repercussions of a data breach.
Stop the Bleeding:
If possible, remove all affected data from your website and other networks. If this data exists on other websites, contact them and ask that they remove it. Also, make sure you interview everyone who witnessed the breach and document everything they tell you.
Finally, do not destroy any evidence. It will be crucial toward identifying the perpetrators behind the incident.
After you’ve taken the necessary steps of securing your business from any more data breaches, you’ll need to focus on containing and repairing all security issues. You can do so by following these critical steps:
Focus on Service Providers:
If you’re like most businesses, you use different service providers every day, from accounting software to CRMs. Is there a chance that a hacker could have compromised your information through these platforms?
If so, then you’ll need to contact these service providers to inform them about your data breach. This can be helpful in reducing the chances of another breach in the future.
Monitor Your Network Segmentation:
IT departments commonly segment their networks across different servers. This way, if one server is compromised, a hacker can’t access another server. Contact independent forensic investigators to make sure this strategy was effective.
If you need to make any changes to this strategy, feel free to do so now. Network segmentation is a very effective means of preventing a wide-scale data breach. However, you shouldn’t automatically assume that it was successful.
Tie up this loose end to prevent a small vulnerability from worsening over time.
Work with Forensic Experts:
Forensic experts can help you determine whether security measures like encryption were enabled after the data breach. You should also ask them to analyze any and all backup data. By reviewing data logs, you can identify the people who had access up until the time of the breach, and restrict access if necessary.
Make sure you verify all of the data that was compromised by hackers, the number of people affected by the breach, and whether or not you can contact them. After you receive a forensic report, take all of the remediation steps immediately.
Set Up a Communications Plan:
After a data breach, it’s important to reach out to all parties that were affected by the data breach, such as stakeholders, business partners, investors, customers, and employees.
Make sure you avoid making any misleading statements about the data breach, and don’t withhold any information that can help these affected parties independently protect their identities and information.
Finally, you should never publicly share information that can further put your customers at risk. Make sure you consult with your attorney to learn more about the information you can disclose to all of these parties.
Some information may be confidential, and some information may be vital for your audience to know.
Anticipate All Urgent Questions:
It goes without saying that data breaches are very serious. People will naturally ask a lot of questions because they’re concerned with dangerous strangers potentially having their sensitive information.
Create accessible and helpful content on your website that will guide your audience in understanding all the details behind the data breach and how they will be affected. Good communication can lessen your customers’ fears and concerns, save you time and money, and show more transparency in light of a serious situation.
After a major data breach, it’s your responsibility to notify other affected businesses, individuals, and law enforcement agencies. Below are some tips to help guide you throughout the process:
Follow All Legal Requirements:
All states and territories of the United States (including Washington D.C., the Virgin Islands, Puerto Rico, etc.) have set forth legislation requiring all organizations to notify affected parties of data breaches that involve personal information.
Depending on the type of your business and the information involved in the data breach, there may be individual regulations and laws relating to your situation. Consult with your attorney to learn more about the laws you’re obligated to follow after a data breach.
Notify Law Enforcement:
After a data breach, contact your local police department immediately. Fill out a police report and explain your data breach as an ongoing identity theft situation. The sooner they know about the situation, the more effective they’ll be in fighting against it.
You should also contact the FBI if you run a large organization and vital information was compromised by a network of perpetrators. If your incident has involved mail theft, contact the U.S. Postal Service.
This step is important for punishing the individuals responsible for the data breach.
Understand if the Data Breach Involved EHRs:
Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations are required by law to secure all patient and other confidential health records electronically instead of using traditional file cabinet systems.
If these health records are compromised, organizations are required to contact the FTC. Contacting the media is also helpful in informing the general populace if their information has been affected.
In some cases, you’ll need to contact the U.S. Department of Health and Human Services if your organization is covered by the FTC’s Breach Notification Rule.
Notify Affected Businesses:
It’s not just up to you to protect your own data and interests after a data breach. The onus falls on you to also notify businesses that have been affected by your breach. For example, if account information (like bank account numbers and credit card information) has been stolen, you should notify these institutions to help them monitor their customers’ financial activity.
Also, if you collect and store any data from other businesses, make sure you inform them that you’ve experienced a data breach. Even if their information hasn’t been compromised, informing them will help you maintain transparency.
Monitor Stolen Social Security Information:
Arguably, the most private information a US citizen can have is their social security number. With this information, a hacker can have a field day opening unauthorized accounts at their victim’s expense.
If your business collects and stores social security information, you should contact the three major credit bureaus (Experian, TransUnion, and Equifax) if this information has been stolen.
If your data breach involves a vast number of people, you should advise the credit bureaus of the severity of the situation and recommend that their clients request fraud alerts and freeze their accounts for the time being.
We’re going to cover a lot of ground here because the public has the right to know if their information has been affected after a data breach. If you notify your customers that their data has been compromised, they can take the necessary steps to reduce the following damage.
When deciding who to notify about this news, you should consider:
Furthermore, the FTC recommends that you:
State breach laws will vary, but generally, you’ll want to communicate:
Again, people will naturally be both curious and concerned with how to protect themselves in the midst of a data breach. Ethically, it’s up to your organization to provide helpful information to guide them on this path.
Make sure you provide relevant identity theft prevention instructions from government sources. Also provide actionable tips on how your customers can keep themselves safe with regard to how they interact with your business, such as changing their passwords.
Finally, encourage people who have had their information stolen to report the theft to the FTC. All of these efforts will work gradually in finding the perpetrators and bringing them to justice, as well as minimizing the damage of a data breach.
If your business has been heavily affected by a data breach, it may be time to update your current website and/or mobile app, especially if they were involved in the incident. With that said, we can help.
Ryan is the VP of Operations for DEV.co. He brings over a decade of experience in managing custom website and software development projects for clients small and large, managing internal and external teams on meeting and exceeding client expectations–delivering projects on-time and within budget requirements. Ryan is based in El Paso, Texas.