What NOT to do after a data breach
Breathe deep, reduce anxiety, and avoid these 9 things
It’s an IT department’s worst nightmare: Your business has been hacked by a third party that has accessed your sensitive, confidential data. And often, by the time you discover it, a breach is well underway: US companies take an average of 221 days to detect a breach, according to a 2018 study. So what do you do? Well, it turns out that knowing what not to do is just as important—because, even with the best of intentions, your team could accidentally make the situation much worse. Here’s what to avoid in the event of a cyberattack.
Step back, take a deep breath, and evaluate the situation. Inform management immediately. Calmly present them with as much information as you have about the breach and discuss next steps.
Don’t react without a plan.
OK, so your team is freaked out, and they want to start fixing everything they can get their hands on as fast as possible. Tell them to hold tight, refer to the emergency plan and procedure guide that maps out who is responsible for what, and make sure they document every action they take as they go along. (Oh, and make sure you have one of those guides prepared in advance, and regularly update it when you have staff changes.) Get your project manager involved if it’s appropriate.
Don’t hesitate to hire an external cybersecurity team.
Many SMBs don’t hire external security services because it’s not in the budget. But if a breach is so bad that your business could go under, it’s worth the investment. Get management to approve a line item in the annual budget for this—money you hopefully never have to spend. Interview and select a cybersecurity vendor before a breach happens so you have one in the wings in the event of an emergency.
Don’t keep quiet.
It may be tempting to share data breach information only with upper management or with staff on a need-to-know basis. But the entire company should be informed, as well as vendors and customers who might be affected. That said, they will freak out too, and have a lot of questions that will take up a lot of your time, so don’t say anything until your mitigation plan is already mapped out and rolling along.
Don’t sugarcoat the situation.
Be honest about what happened. Transparency is key (even if your PR team tells you otherwise). Along these lines, proactively contact key vendors and customers and be sure to arm your customer service team with detailed information so that they can best help your customers (and you won’t lose them in the long run).
Don’t neglect your cybersecurity regulations.
Every state has different security breach notification laws, so no matter where you’re located, chances are good that you will have to report a breach to the local authorities. Skipping this step could result in fines or worse.
Your team is probably working around the clock, and they may be tempted to knock out and close tickets quickly because it looks like you’re making progress (and pleases your project manager). But every fix needs to be checked and triple-checked after a breach, even if it slows things down.
Don’t skip the post-mortem.
The crisis seems to be over (you hope). It’s not time to go back to business as usual yet. At the end of the remediation process, it’s important to learn from your mistakes and improve security in the future. This could involve investing in additional cybersecurity products or software, and restructuring your IT to increase protection for the most sensitive data (such as separating customer data from systems used for email).
Don’t forget to train your employees.
Employees are the weakest link in cybersecurity breaches. Once things have settled down, implement (or revise) your all-staff cybersecurity training with the knowledge you’ve gained from this breach.
Used with permission from HP Tech@Work