Responding to the nightmare of a data breach
It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.
No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable. Not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.
5 steps to take
A comprehensive plan generally follows five steps once a data breach occurs:
Call your attorney.
He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.
Engage a digital forensics investigator.
Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions. How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.
Fortify your IT systems.
While investigative and response procedures are underway, you need to proactively prevent another breach and strengthen controls. Doing so will obviously involve changing passwords, adding firewalls, creating deeper layers of user authentication, and/or restrict some employees from certain systems.
No matter the size of the company, the communications goal following a data breach is essentially the same. Provide accurate information about the incident in a timely manner that preserves the trust of customers, employees, investors, creditors and other stakeholders.
Note that in a timely manner doesn’t mean immediately, often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage.
Activate or adjust credit and IT monitoring services.
You may want to initiate an early warning system against future breaches. So set up a credit monitoring service and engage an IT consultant to periodically check your systems for unauthorized or suspicious activity.
Data breaches are an inevitable risk of running a business in today’s networked, technology-driven world. Should this nightmare become a reality for your business, a well-conceived emergency response plan can preserve your company’s goodwill and minimize the negative impact on profitability. Contact Reggie Novak, CPA, CFE, at 216.831.7171 or by email here to help you budget for such a plan and establish internal controls to prevent and detect fraud related to (and not related to) data breaches.
You may also be interested in the following: