Rebuilding Trust After A Breach

December 13, 2019 10:34 am

Did you know that, according to the Privacy Rights Clearinghouse, 11,611,620,795 records have been breached since 2005? Many of these breaches include data elements useful to identity thieves, such as Social Security numbers, account numbers, credit card numbers, and driver’s license numbers. The world’s volume of data has been growing, and sensitive data is one of the fastest-growing aspects of online data. Cybercriminals target that type of data more than any other.

What happens after a breach? One of the largest breaches, the Facebook Data Scandal, is still fresh in users’ minds as we enter another election cycle. Out of the 2.2 billion Facebook users, 78 million were impacted by this breach. Data taken from Facebook was used to build a software program that predicts, profiles, and influences voter choices. The trust we all once had in Facebook was damaged but is slowly being rebuilt.

How To Rebuild Trust 

Just as Facebook faces an uphill battle regaining the respect and trust users once had for the social media giant, small and medium-sized companies need to take steps to regain trust after a breach. Here are some steps that business leaders, IT specialists, and your legal team will want to take if your company’s data is breached.

Confirm and Determine Extent of Breach 

Once your business has become aware of a data breach, especially one that may have compromised personal or sensitive information, you will want to shut down access to the breached area. Confirm that a breach has occurred and determine which data was stolen or was even at risk of being viewed. Unless your IT department has some level of expertise in this area, it may be best to hire a forensic IT specialist who can determine the areas of vulnerability and what was viewed by the outside party.

For companies in the medical and dental fields that need to comply with HIPAA laws, this would be a good time, for legal reasons, to take an inventory of what files and data were viewed. You will have a different set of legalities to deal with given the laws on sensitive medical data.

Strengthen Your Security 

Once a team has determined where the breach originated and what made your data vulnerable, you will need to take action to stop this from happening again. This will include, but is not limited to, changing passwords, adding physical security measures, reconfiguring digital safeguards, limiting which users can gain access, using firewalls, and adding dual authentication.

Communicate and Take Action 

Once you have secured your system, divulging the extent of the breach to those impacted should be among your next steps. Many companies that have dealt with breaches offer some sort of action to those affected. This may include free credit monitoring, free credit reports, alerts, and possibly a freeze on impacted accounts with the three major credit agencies in order to make it more difficult for a cybercriminal to open a fraudulent account in a client’s name.

Honesty really is the best policy when dealing with a data breach. Consumers will respond to open communication as well as to the steps that you take to rectify the situation. Remember that rebuilding trust will take time, so stick with it. Keep the communication going with users who were impacted to show them you are willing to take whatever action is necessary to make things right again.

If you are looking for security solutions after a breach, consider calling our experts at M&H Consulting for a thorough overview. If you have questions, call M&H Consulting at 1-866-964-8324 or visit our website.

 
