Data breaches. They are happening more frequently and getting more clever with each attempt. It is commonplace to hear on the news about yet another data breach from businesses on global, national, and local levels. What should business owners do if it happens to them? There are several key steps that should be taken in the minutes, hours, and days after a breach has been identified. Let’s take a look at them.
Small businesses never expect that a breach will happen to them when, in reality, small businesses account for more than half of the world’s data breaches. Small businesses are more likely to have a smaller budget to afford the latest security measures, and many do not have a full-time IT department. These factors alone make small businesses vulnerable.
Therefore, it is important that these businesses have a written plan that serves as a blueprint for what to do if a breach occurs at your office. One of the first things is to try to stay calm and not panic. There are experts who can help you.
Find It, Fix It
Once you have become aware of a data breach or an attack, the first step is to find the vulnerability and fix it immediately. Secure both your physical area and access to your system. Work with either your IT person or an IT team that can be mobilized to identify where the breach originated and how to isolate it.
Consult with a Legal Expert
Once the immediate threat is over, it may be a smart idea to talk to a legal expert who has some experience dealing with business security and privacy violations. There will be some actions that you are legally obligated to do in regard to notifying those people whose sensitive data was accessed or even stolen.
Notifications
Along with your legal team, you will need to notify the authorities at both the local and federal levels. If the breach occurred within a company that needs to remain compliant with HIPAA, then further notifications will also be needed. The Federal Trade Commission has published a guide to the who, what, and when of breach notifications. The state of Massachusetts has also composed a guide to help those impacted know whom to notify. Notifications must be sent to the businesses, individuals, and the authorities to communicate what is being done to rectify the situation.
What your business does in the days following a data breach can impact its reputation for years to come. Be sure to do all you can to assess the situation, keep the right people informed, and fix any future security vulnerabilities so that this does not happen again.
Do you have questions about the risks your company faces? Do you know what to do in the case of a data breach? Call M&H Consulting for more information about data breaches and what your obligations are after one occurs. Call us at 1-866-964-8324 or visit our website.