Many security experts now say that becoming the victim of a data breach is no longer a matter of “if” but “when.”
In fact, discovering you’ve been breached can be a bit of a blessing. Many companies don’t learn that they’ve been hacked for months, by which time intruders have done considerable damage.
The tactics for dealing with a data breach are mostly common sense, yet it’s surprising how few organizations follow their instincts. Confusion and alarm can give way to panic, which leads to reckless decision-making. If your organization is the victim of a hack, keep calm and follow these five steps.
1. Contain and assess the damage. Take a triage approach by first stopping the bleeding. Take any affected systems offline (if possible) or change passwords and other access controls to head off any further intrusions. Then take stock of what happened: What data was compromised and when? How much was stolen and how valuable is that data? Who is affected and what are the consequences for them? This last question is critical because the sensitivity of the data will determine your potential liability — and how quickly you need to respond.
Find and secure all records related to the intrusion, including logs of network traffic, database queries and access attempts. If the breach occurred at a service provider, you may need to call in third-party help, as contractors aren’t always cooperative in having their operations investigated.
2. Notify authorities. Depending on the scope and severity of the breach, you may need to notify multiple regulatory and law enforcement agencies. Keep in mind that every state has its own notification rules, and regulatory agencies may be involved both on- and offshore. It’s a good idea to have a notification plan in place before a hack occurs.
3. Determine remediation steps. If sensitive information has been compromised, determine who has been affected, such as customers, business partners, employees and owners of personally identifiable information. You’ll need to contact these constituents to inform them of the issue and lay out your plan for damage control and remediation. The faster you act, the less likely you’ll have to deal with a storm of class-action suits and other legal threats.
4. Speak openly and often. As some recent prominent breaches have shown, trying to bury the news is a losing strategy. As soon as those people who are affected learn of the theft, the cat is out of the bag. Use the media at your disposal to get your message out and respond to questions. Be honest about what you know (and what you don’t know). Explain what you’re doing to prevent a recurrence and how you will help those who are affected. People can be remarkably forgiving if you show an earnest commitment to making things right.
5. Learn and improve. Develop a plan to prevent the incident from reoccurring. This should include technology fixes, but also process improvements and employee training. Share details with internal constituents and a broad outline with customers, media and other opinion-leaders.
Data breaches don’t kill companies — but they can create disruption and delay that sets back the organization. These steps will help you put the incident behind you as quickly as possible and emerge stronger from the experience.