A data breach is bad news. Regardless of whether it was an inside job or the work of a hacker via a dangerous malware upload, the damage caused by any cybersecurity breach can be catastrophic. Recent reports show that a breach can add up to millions of dollars in costs associated with fines and legal fees. On top of that, there is also a loss of customer trust.
The bottom line is that you need to protect your business at all costs, and if a criminal intrusion does occur, you need to act quickly to secure your company and protect your customers. Here are a few steps to take after a cybersecurity breach.
Size Up the Damage and Inform Customers
The first step to take immediately after a data breach is to investigate what data was stolen or damaged. Some hackers are after credit card numbers; some are satisfied with email addresses. Allow your IT team the time to take a close and detailed look to see what was stolen and which customers were affected.
All stolen information can cause an issue for your customers. Social security numbers can be used to take out fraudulent loans that can put the customer in debt. Even those email addresses can be used to send out malicious phishing emails and provide a doorway into their email account to steal other information. No matter what data was compromised, it is your responsibility to inform your customers.
Start by contacting each individual victim of the breach to warn them of what was stolen and provide steps on how to fix it on their end (cancel a credit card, watch for spam, dispute charges). Then, you will likely want to put a message out to the press. Although the leak wasn’t intended, every potential consumer has a right to know when a company has a breach so they can make a decision about where to shop without feeling that something was hidden from them. Either way, notify the victims as soon as possible.
Provide Guidance to Customers
While just telling them is a good first step, it won’t hurt to give the customers some advice that your company and employees should also follow. For one, you should tell them to update all passwords so hackers cannot use the access to inflict further damage. Your employees should also have complex passwords to prevent fraud, which should include a mixed combination of letters, numbers, and special characters.
It is also not a bad idea to recommend that the customers install antivirus software on their systems. If you have the budget and really want to be helpful, offer them a membership to a reputable antivirus software service for a year to show that you truly care about their welfare. Antivirus software and firewalls should also be installed on all employee computers to provide an extra level of security.
If financial information was stolen, customers should be advised to call their banks to cancel cards and inform them of the possibility of fraudulent charges. Someone from your business should also call the credit card company to inform them of the situation. Take care of this right away because every passing second provides the hackers with a chance to rack up false charges.
Secure Your Systems
Once the customers have been informed, it is time to beef up your security so this can never happen again. Consider bringing in an outside consultant who can give your security setup a fresh set of eyes and help to patch up any weak points. They need to look for the root of the issue because if you don’t find the source, a repeat issue is likely.
Another novel approach that many companies are trying is hiring an ethical hacker. Basically, this is a person who comes in and attempts to hack your systems on purpose in order to detect all vulnerabilities. When they hack in, they can see the holes and the damage they could cause when they breach. This information can be invaluable for adding updated security and estimating the potential impacts of a hack.
Once you have taken these extra steps to protect your company against all potential vulnerabilities, contact your customers again and tell them what you are doing on your end to make your company a safe place to visit. When you show them that you have gone above and beyond to assist, they are more likely to return.
Make no mistake, a data breach at your company is no small matter, but if you take responsibility and work to fix your issues, your company will find its footing again.