The worst has come to pass: your organization’s data has been exposed. What should your business do after a data breach?
Whether information was stolen by stealthy spearphishers, foreign hackers or even a malicious inside party, these steps will help you regain control and customer trust. Here are six actions to take in the hours, weeks and months after your organization’s data is breached.
Prevent Further Data Loss
The first step after a data breach is to immediately take all affected systems and equipment offline. However, do NOT turn off any machines until data forensics begins as they may contain valuable evidence. If you’re able, you may want to replace affected machines with clean ones while the breach is under investigation.
Additionally, update the credentials of all authorized users to ensure that any stolen logins or passwords are rendered useless to hackers. Meanwhile, monitor all entry and exit points to your systems, especially those involved in the breach.
Contact the Authorities
As soon as you confirm that a data breach has occurred, call your local police. File a report and let them know about the risk for identity theft so that they can help control the situation.
If your local authorities aren’t equipped to investigate data theft or information compromises, call the local office for the Federal Bureau of Investigation or the U.S. Secret Service.
Stay Calm and Stick to Your Plan
When a data breach occurs, you’ll want to begin putting out the fire right away — but it’s important not to panic.
Before taking action, refer to your organization’s incident response plan. Does your solution fit in with the plan? Are you skipping any steps? Despite the temptation to veer off course or jump ahead, it’s best to adhere to your company’s emergency plan — after all, that’s what it’s there for.
And if your plan doesn’t properly address the emergency at hand? Rather than improvise, it’s best to call in third-party experts who can help you regain control of the situation. Which brings us to the next step…
Call On the Experts
Put together a dedicated team to handle the investigation and aftermath of the data breach. Depending on your industry and the size of your organization, this team might include legal advisors, data forensics, IT, information security, operations, investor relations, human resources, public relations or even crisis management.
Consider hiring a third-party data forensics team to conduct an unbiased investigation of the events. They will be able to collect evidence, record forensic images of any affected systems and assemble a remediation plan for your organization. In addition to your regular legal counsel, you may also want to seek counsel from legal advisors who specialize in cybersecurity and data privacy.
Hiring outside parties may seem costly upfront, but they could save you from significant damages in the long run.
After a data breach, your customers’ trust in your organization is already weakened. It’s critical that you be upfront with them about what happened, what information was compromised, and what you’re doing to resolve it.
In most states, there are specific legal guidelines you must follow when notifying affected parties about a data breach. Regardless of what your state law mandates, you should be as transparent as possible. In general, you should notify individuals of the following:
- How the breach occurred
- What information was stolen or exposed
- How cybercriminals have used the data
- What steps you’re taking to mitigate the situation
- How you’re protecting and supporting affected individuals
- How to contact support at your organization
If the breach involved electronic health information, be sure to comply with HIPAA laws and the Federal Trade Commission’s health breach notification rules.
Offer Ongoing Support
While it may be an extra expense for your organization, extending services to data breach victims could help you win back some of your customers’ trust. If you are able, consider offering free identity protection services or credit monitoring to affected individuals. Continue to offer customer support in the aftermath of the breach.
Mitigating the Effects of Data Breaches
The best way to mitigate the effect of a data breach is a defense-in-depth security strategy that involves devaluing sensitive personal and payment data.
Bluefin specializes in payment and data security solutions including PCI-validated Point-to-Point Encryption (P2PE), which safeguards cardholder data entered at the point of sale or over the phone, and tokenization of Personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online with our ShieldConex® platform. These technology encrypt and tokenize data so that if there is a breach – hackers get nothing of value.
To learn more about our security solutions, contact us today.