By James Turner
Cyber security has emerged as a top priority as America’s largest retailers, like Home Depot and Walgreens, recently experienced hacks in which customer information was stolen. Unfortunately, many small and medium-sized businesses don’t realize hackers target them until it’s too late. Hackers typically look for the easiest system to break into with the most reward. That reward can take several forms, such as profit, protest, challenge and even enjoyment. As corporations beef up their security, smaller organizations might become the next tempting target for hackers.
What You Can Do Today to Prepare for a Data Security Breach:
- Review how you collect and store your customers’ personal data to ensure its security.
- Determine how your company would want to respond to your customers in the event of a breach.
- Develop a public relations crisis plan, including strategies on whether you would issue a press release to the media.
- Have a data security breach notification kit on hand, with a template for a notice letter that complies with all state laws on the topic, along with relevant websites and governmental materials for reference.
There are five steps you can take to minimize the impact if your system is compromised.
Prevent Further Data Loss & Restore
After you’re notified of a data breach, you’ll want to focus your attention on preventing more data loss while helping investigators trace the breach. Experts recommend working with outside IT security forensic experts to ensure your environment is secure. Your IT department must resist the temptation to shut everything down, as valuable evidence could be lost in the process. After a breach, you’ll need to determine:
- What information was accessed?
- Who were the hackers and where were they located?
- When did the breach occur?
- How many customers were affected?
Contact the Authorities
Contact your local police department if you believe the compromise could result in harm to a person or business. The FBI can also be used as a resource if your local police department doesn’t specialize in cyber-crime.
Notify Concerned Parties
Notify any party that uses the stolen data, such as a merchant bank, credit card network or other institution. Indiana adopted the Data Security Breach Notification law in 2006, which requires businesses to notify their customers when a third party obtains unauthorized access to their data.
It’s important you make it clear you are taking the issue seriously while also placing yourself in the customer’s shoes. If you communicate early and deliver on a promise to secure customers’ information, this event will only be a one-day story rather than a recurring media nightmare. Tell customers what measures will be taken to prevent another attack.
Proactive prevention can go a long way in making it difficult for hackers to breach your network. This includes using high-quality Wi-Fi routers and complex passwords, applying security updates and following compliance standards for your industry. Additionally, limiting the data you collect from your customers will go a long way toward ensuring a breach doesn’t cause far-reaching impact. For example, don’t store a customer’s full Social Security number if it’s not required for your business.
Lastly, it’s important to establish and empower an internal response team which includes senior managers, marketing communications, legal counsel and operational staff to create a holistic response plan in case another incident occurs.