This year, global cybercrime is expected to inflict at least $6 trillion (USD) in damage. About 70% of consumers believe businesses aren’t doing enough to protect their personal information, and with good reason. Even the best-protected business still faces some risk of a data breach, though.
If your company suffers a data leak, it’s essential to have a plan in place. Having encryption and an incident response team could reduce the cost of your breach by over $700,000.
Your data breach response plan can make or break the sustainability of your business after a breach. Do you want to learn more about what to do after a data leak?
Keep reading to learn what to do after a data breach.
Determine What Was Stolen
How sensitive was the information exposed in the leak?
Information like street addresses and full names is the least sensitive. Nosy neighbors or coworkers can easily find those details with a simple online search.
Things like dates of birth, email addresses, and payment card numbers are more sensitive. Credit cards, debit cards, and other charge cards are harder to leak and more costly if stolen. While a stolen email or address quickly results in spam, stolen card numbers likely lead to fraudulent charges on those cards.
While you might think a date of birth is useless, when it’s combined with other information like a name, it can be used to falsely verify an identity.
Social security numbers, passport numbers, and financial account numbers are considered highly sensitive information. If a hacker gets hold of your name and your social security number, it won’t be difficult for them to pose as you.
Once you determine precisely what was stolen, you can work to limit the damage and stop any more from being done to both you and your customers.
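As an added illustration (not part of the original article), the sketch below triages exposed records into the three sensitivity tiers described above and flags the name-plus-birth-date combination. The `full_name` key, the simplified US-style regexes, the ISO date format, and the Luhn checksum used to weed out non-card digit runs are all assumptions of this example.

```python
import re

# Tiers follow the article: 1 = least, 2 = more, 3 = highly sensitive.
# Patterns are simplified assumptions (US formats), not a full DLP rule set.
PATTERNS = {
    "email": (2, re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    "date_of_birth": (2, re.compile(r"\b(?:19|20)\d{2}-\d{2}-\d{2}\b")),
    "ssn": (3, re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    "payment_card": (2, re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
}

def luhn_ok(candidate):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_record(record):
    """Return (highest_tier, findings) for one exposed record (a dict)."""
    findings = set()
    if record.get("full_name"):             # 'full_name' key is an assumption
        findings.add("full_name")
    text = " ".join(str(v) for v in record.values())
    for kind, (_, rx) in PATTERNS.items():
        for m in rx.finditer(text):
            if kind != "payment_card" or luhn_ok(m.group()):
                findings.add(kind)
    tier = max([PATTERNS[k][0] for k in findings if k in PATTERNS], default=1)
    # The article's point: a birth date plus a name can falsely verify identity.
    if {"full_name", "date_of_birth"} <= findings:
        findings.add("name+date_of_birth")
    return tier, findings

# Constructed sample rows, not real data.
SAMPLE = [
    {"full_name": "Pat Doe", "note": "123 Elm St"},
    {"full_name": "Pat Doe", "note": "dob 1984-03-12, pat@example.com"},
    {"full_name": "", "note": "card 4111 1111 1111 1111, order 1234567890123456"},
    {"full_name": "Sam Roe", "note": "SSN 000-12-3456"},
]

def triage(records):
    """Summarise a dump: worst tier seen and every kind of data found."""
    results = [classify_record(r) for r in records]
    return max(t for t, _ in results), set().union(*(f for _, f in results))
```

Running `triage(SAMPLE)` reports the worst tier in the dump, which tells the response team whether card issuers need to be contacted or whether the exposure reaches highly sensitive identifiers.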
Put Out a Fraud Alert
You can warn your lenders that you’ve been a fraud victim by initiating an alert.
Ask one of the 3 major credit bureaus (Equifax, TransUnion, or Experian) to add a fraud alert to your business’ credit report. Ask your customers to do the same. Doing this will warn lenders that you might be a victim of fraud.
Whichever bureau you notify will contact the other 2, and they’ll add alerts to their reports as well. The fraud alert will stay on your report for 90 days, but you can always opt to renew the alert when it expires.
Make sure all stolen payment-card numbers are accounted for. Contact the organizations and banks that issued the cards immediately so that they can cancel those cards, reverse any unwarranted charges, and issue new cards.
The sooner you call, the better. Hackers typically attempt as many purchases as possible once card numbers have been stolen.
Secure Your Operations
After a data breach, you must act fast to fix the vulnerabilities that led to it. You can start by quickly assembling or hiring a team of experts so that they can perform a comprehensive breach response.
Depending on the size and type of your business, your team might include:
- Information security
- Human resources
- Information technology
- Investor relations
Talk to your legal counsel, too, as they can advise on both state and federal laws potentially implicated by a breach.
If there’s a risk of more data loss, take all your equipment offline, but don’t turn off any of your machines until your team conducts a thorough search.
Change Passwords and Credentials
If hackers used someone’s credentials to create a breach or cracked an employee’s password, they can continue to steal valuable information until those passwords and credentials are changed.
Password management software can help keep your business safe both before and after a breach.
Most hacking-related breaches occur via lost, stolen, or weak passwords. Encourage and enable your employees to improve poor password habits. Doing so will significantly reduce your vulnerabilities and strengthen the protection of your company’s sensitive data.
A secure password manager helps to keep track of passwords across an organization in a safe and efficient manner. It allows employees and other users to create complex, unique passwords for each and every account. A password manager works by keeping user information safe behind a master password.
This password, created by the user, shouldn’t be shared or stored anywhere.
Other components of a secure password manager are:
- Ability to securely share passwords
- Secure log-ins to every website
- Ability to securely auto-fill personal information
- Instant security alerts if and when a site suffers a breach
- Cross-device syncing
- Faster access to data
- Encouragement of strong password behavior
Stay Alert and Notify
After a data breach, you must notify the appropriate parties. You must notify other affected businesses, any affected individuals, and law enforcement.
Ask your legal team what your legal requirements are, and make sure to stay compliant. If the breach involved electronic health information, for example, you must notify the FTC. In some cases, you have to notify the media too.
If you’re covered by the HIPAA Breach Notification Rule, you have to notify the Secretary of the U.S. Department of Health and Human Services.
Stay aware, eliminate any vulnerabilities, and continue to check for potential new ones regularly.
You Must Act Quickly After a Data Breach
If your company falls victim to a data breach, it can be overwhelming trying to figure out what to do and how to act. However, the more quickly you act, the better your chance of protecting sensitive information and preventing huge monetary losses as a result of the breach.
Talk with your legal team to ensure you notify the appropriate people. Stay alert and eliminate any vulnerabilities. Change passwords and credentials immediately, particularly for areas that suffered a data leak.
Hire a team of experts to ensure your business doesn’t suffer any additional breaches down the road.
Are you ready to strengthen the security of your business by utilizing efficient password management software? Contact us to get started and find out how we can help keep your sensitive information safe!