What to Do After a Business Data Breach


Data breaches have dominated news cycles recently, so if you own a small business, you should be doing everything in your power to make sure you and your clients don’t fall victim to the next big breach. As incidents like the recent Equifax breach demonstrate, there’s simply no way to guard against a major hack with 100 percent certainty, but you can have a plan of action ready in the event one occurs.

Following the best practices outlined below can greatly reduce the likelihood of your business suffering a breach. Since the worst breaches are those that occur and then aren’t addressed for weeks or even months, knowing how you’re going to respond is critical. Get a plan of action in place – start with these tips and build out your prevention and response plans today.

1. Stop Additional Damage

The most important step to take after discovering your business has been breached by a hacker is to prevent additional attacks and damage. Because this type of incident occurs when a hacker discovers a vulnerability within your business, it’s important to lock everything down. Have a message prepared that you can share through your social media presence, website and/or voicemail.

Promptly update passwords and credentials. It’s very common for hackers to get into a business after obtaining a password, so changing all of them may be exactly what’s needed to cut off a criminal’s access to your business.

2. Investigate

While your existing IT team should be able to handle a lot of the lockdown protocol after a breach, it’s worth bringing in an expert to check for any loose ends. Not only will a breach expert provide peace of mind to you and your clients, but they will also be able to help collect evidence and document exactly what happened.

3. Get Legal Guidance and Disclose

It’s also a very good idea to bring legal counsel with this type of experience into the fold. Knowledgeable legal counsel will be able to advise you about the laws and implications of a breach. The legal experts you work with will bring you up to speed on the worst-case scenario with regard to potential lawsuits, as well as fees and penalties related to noncompliance.

Once you’re aware of your legal standing, you’ll want to have a plan for communicating with all potentially impacted customers. Not communicating well is a mistake that companies of all sizes make. By being as transparent and responsive as possible, you can help keep the reputation of your business strong in spite of the challenges you may be facing.

This may seem like a lot to take in, but being prepared is an investment that will definitely pay off. Take steps to ensure your credit card processor is following all industry standards for security and encryption and communicate with them any time you have a particular data concern. They should be happy to help you navigate the world of payment processing, and if they aren’t, it may be time to look for another processing company.



Posted on Wednesday, November 1st, 2017