Steps to Take When Your Sensitive Data is Breached

Roughly 267 million records were exposed during data breaches just in 2012 alone, the global information services organization Experian estimates. With numbers like these, most businesses find that it’s not a matter of “if” their data will be breached, but “when” it’s going to happen.

With data breaches becoming such a common problem for people and businesses alike, occurring roughly eight million times each month according to IBM, it’s important to know the steps to take once you become aware a data breach has occurred in order to properly protect your business, your reputation and your financial interests.

Create a Data Breach Action Plan

It’s necessary now, before breaches occur, to create an action plan to follow when they do occur. These are a few of the steps small business owners should include in any response plans involving data breaches.

  • Discover and investigate the breach internally.
  • Contact law enforcement officers if this is a case where that might apply (hacking is a crime).
  • Notify financial institutions you do business with. Change account numbers or close accounts as appropriate.
  • Engage the services of professionals to assist with the investigation as well as the potential fallout for your business. This may include computer forensic investigation firms, data recovery specialists, law firms, crisis management teams and/or PR firms.
  • Notify customers and employees who have been directly affected by the breach and purchase identify theft protection services for those who were affected. Many states have laws regarding notifications involving data breaches. Make sure you know the law in your state so that you’re in compliance.
  • Get ahead of the breach in the media. It’s best to be proactive with statements regarding the breach, so that you control the narrative. This protect you from the need to do damage control after someone else goes public with their version of events first.
  • Keep those who were affected by the breach up to date about what’s going on through notifications in the mail or via email. Give customers and employees details, facts and information about what’s going on and steps they can take to protect themselves.
  • Respond to questions and inquiries. Transparency dispels thoughts that you are trying to hide things from a concerned public. For small businesses this may involve hiring someone to field calls and calm concerns.

The key is to stay on top of things from start to finish. How you deal with the fallout says a lot about you as a business and will determine whether or not your customers choose to ride out the storm with you.

Be on the lookout for our next data breach article in the series involving data breach notification.