What Should You or Your Company Do After a Data Breach?

Having personal identity information or company data stolen is, at the very least, a huge inconvenience. At its worst, it can be a significant disruption to your life and finances, and it can put small companies out of business. The ongoing threat of cyberattacks has required all businesses to become hypervigilant in their own defense. But as hackers acquire new skills and tools to get around the safeguards, data breaches can still happen.

Such breaches of company financial data and trade secrets can lead to bankruptcy for small or midsized businesses, especially if they lack secure and tested backups. Financial damage includes both short-term and long-term losses, including regulatory fines, legal and notification fees and consumer lawsuits. The best course of action is to consult a cyber security professional for a cyber risk analysis before an incident occurs. Failing that, it’s important to remember that how you respond to a breach is the key to successfully rebounding from a cyberattack.

Q: What is the first step you should take if you discover a cyber security breach?

A: Act quickly to isolate the affected systems to prevent the breach from spreading. Disconnect the compromised devices from the internet and your internal network to stop ongoing data theft or system damage.

How Should a Company Respond After a Data Theft?

• Confirm a Breach Has Occurred – Just because you’ve received a notification that you’ve been hacked doesn’t mean that it’s so. One of the scams hackers employ is pretending to be a company that has had its data breached and warning you that you are a victim of the attack. Once they gain your trust, they will manipulate you into surrendering private data, such as passwords and security question responses. You must review your accounts directly and contact your credit bureaus before assuming a warning notification is legitimate. Your business IT or cyber security provider should investigate and assess the network.
• Cancel Any Affected Cards – If a credit or debit card account has been compromised, canceling the card will generally stop the damage caused by a hack. Then, by initiating a fraud investigation, your bank or credit institution will seek the source of the attack. In response to your report, many banks will refund the loss depending on the outcome of the investigation. After canceling a debit or credit card, you may request a new one with a different number
• Check All Your Accounts – Don’t make assumptions about what “should be safe.” Contact your banks and credit bureaus and carefully review all of your financial accounts for transactions that you don’t recognize or that don’t look right. If you’ve received any recent notices of late payments, overdrafts or IRS notifications that seem incorrect, they could be further clues related to your hack
• Accept Support from the Subject of the Breach – Once you’ve confirmed that an organization notifying you of a cyberattack is legitimate, if they offer services to correct or mitigate the damage caused, accept their help. They are likely to have more robust resources for dealing with data breaches and will be willing to work with you to resolve the security threats as quickly as possible
• Change and Strengthen Your Passwords and Use Multifactor Authentication – Password management and strong multifactor authentication are essential at all times. However, after a data breach, creating new credentials is imperative. You must assume that the hack has compromised everything and protect your accounts with new credentials
• Contact Credit Bureaus and Lenders – Credit bureaus can initiate fraud alerts and add them to your accounts so that they can watch for suspicious activity. They can also notify you of and guard against a hacker opening new accounts or taking out new loans in your name. You must also notify your business cyber insurance carrier within the time specified in your policy.

Q: Should you report a cyber security breach to authorities, and if so, why?

A: Yes, report a breach to the appropriate authorities, such as law enforcement or a national cyber security agency. Doing so not only helps in the investigation and potential prosecution of the attackers but may also be required by law, especially if personal or financial data was exposed. Reporting can also help alert other organizations to similar threats and strengthen broader cybersecurity efforts.

What Should You Do If Your Personal Information Has Been Compromised?

If your Social Security number has been stolen, your personal identity data and financial information are at high risk. A hacker, armed with your Social Security number, can attack your finances and reputation and disrupt your life for years to come. Theft of a Social Security number is the first step to stealing your identity. In addition to taking the above steps, here is what to do if you think your identity has been stolen:

• Place a security freeze on your credit reports or lock them
• Request a new Social Security card from the Social Security Administration
• File a police report or identity theft report with the FTC
• Carefully check all your credit reports in detail
• Report the theft to the IRS to help guard against tax fraud

Q: What role does communication play after a cyber security breach?

A: Clear and timely communication is vital, especially when informing employees, clients, business partners and stakeholders. Transparency helps maintain trust and ensures that those affected know what steps they should take. Provide accurate information without causing unnecessary panic, and follow legal guidelines on breach notifications.

What Cyber Security Steps Should You Take to Prevent Data Theft?

If you’ve already been the victim of a data breach, you must take immediate cyber security steps to ensure it never happens again. If you have not yet fallen victim to a cybercrime, you should act now. You may already be using some of these protective measures. Still, as your business adds more devices, smart controls, wireless access and remote access, your network surface attack area grows. Professional cyber security firms specialize in preventing cyberattacks and have a wide array of affordable managed solutions for small and midsized businesses.

They work with companies to establish cyber security best practices that help ensure confidential data has the best protection possible. Many companies, bound by strict compliance and privacy laws, such as legal, healthcare and financial services, cannot allow data breaches and must apply additional data protection measures.

Cyberattacks can have devastating consequences, taking months or years to resolve and costing tens to hundreds of thousands of dollars. Contact a local cyber security firm specializing in small and midsized businesses to assess your risks and ensure you have the best protection solution for your business.