Realizing that your business has been the target of a data breach is not something any corporate officer wants to face. According to an article from the Insurance Journal, 53 percent of businesses reported being hacked last year. Your company needs to be proactive and follow these steps, if your company becomes a victim of a cyber-attack...
- Determine what was stolen - Find out exactly what type of information was stolen. The most sensitive information will be social security numbers, medical insurance information, online-account passwords, banking information and payment-card security codes (the three- or four-digit number printed on the front or back of credit cards).
- Inform your customers immediately - Once you know a breach has taken place, by law you may be required to inform customers whose data has been compromised according to the National Conference of State Legislatures (NCSL). Customers should be notified as soon as possible. Offer them protection. It will help you to win back some trust. If it’s your company’s failure to protect their sensitive information, you should be honest with them.
- Notify proper authorities of the breach - If financial information is compromised, you may want to notify relevant financial institutions, so they can watch for suspicious transactions. Some activities, like investigation and media strategy, can be done after authorities are notified of a breach.
- Learn from the breach and prepare for next time - Once you’ve figured out what caused the breach, make sure it doesn’t happen again. Hacking is still the biggest cause of attacks so be sure to change all affected passwords. For years, experts have warned about the risks of relying on weak passwords. If the breach was caused from a phishing scam, (typically a fraudulent email message that seems to come from someone you know), be sure to train your employees not to visit any spoofed websites and not to disclose private information.