How to Respond to a Data Breach
OCT 04, 2017 19:03 PM
A+ A A-

How to Respond to a Data Breach

by Larry Alton
If you’re like most Americans, cybersecurity is always in the back of your mind, but it takes an event like Equifax’s massive data breach to bring it to full attention. After compromising the social security numbers of 143 million Americans, Equifax is facing scrutiny from the media, consumers, and even other businesses, as they’re an extremely trusted and public company, and are responsible for the biggest data breach of all time.
But data breaches don’t have to be massive or heavily publicized to be destructive; in fact, much smaller data breaches can be even more harmful, since it’s harder to spread the information your consumers need to take protective measures.
So what happens if your company suffers a data breach? What should you do?
Important Steps to Take
These are the most important steps to take after you’ve suffered a suspected breach of data:
  1. Prevent further data loss. The most important step to take after a breach is to prevent any further damages in the form of data loss. In some cases, the damage may already be done. In others, taking swift proactive action could diminish the potential damage caused by the incident. Investigate to determine the root of the breach; if there’s a security vulnerability, patch it. If necessary, take your systems offline until you can figure out exactly what happened. It's important to stop the bleeding before moving forward.
  2. Secure your physical storage. Next, ensure the security of your physical storage, whether that’s with an in-house server, or hosted with a cloud provider. Check the integrity of your data, and the integrity of your backups to get a clear understanding of the situation.
  3. Contact law enforcement. Cybercrime is still a crime, so your next step should be to contact law enforcement and file a report. Make sure you tell police officers exactly what happened, when it happened, when you realized it happened, and any other details you can provide. Cybercrime specialists will likely work with your team to investigate the matter more completely, and hopefully identify the culprits.
  4. Announce the breach to customers. As quickly as possible, announce the breach to your customers. This won’t be fun, and you’re going to face significant backlash no matter what you say, but the sooner you address it, the better. Addressing the breach quickly shows that you’re on top of it, and that you’re transparent enough to admit the breach to your customers. Apologize, and explain what you’re doing to correct the problem.
  5. Give customers clear steps to take. Your customers will likely need to take action after the breach, such as changing their passwords, watching their bank accounts closely for fraudulent activity, or even freezing their credit. Print a brochure to send out, or create a website that lists the next steps each customer needs to take to remain secure, and have your customer service staff available to address questions.
  6. Address and correct misinformation. As people talk about the breach and the media reports on it, you’re likely to see significant misinformation circulating, such as rumors about what happened or bad advice on what steps to take next. Have your PR team proactively scout for this misinformation and correct it as soon as possible—you don’t want things to get any worse because of bad information.  
  7. Work with other businesses to restore order. It’s almost impossible to recover from a data breach fully with your own resources, so partner with other businesses (including cybersecurity firms) to restore order. 
Rebuilding Customer Trust
The hardest part about responding to a data breach is restoring the customer trust that you invariably lost in the process. And unfortunately, there’s no shortcut or “quick tip” that can help you do this. Instead, the only way to repair that trust is with time. Invest the time and resources to build better cybersecurity infrastructure, and promote that infrastructure to your customers so they know your commitment to improve. Continue providing the best products and services you can, and hopefully, within several months to a few years, people will forget about the data breach altogether.
[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment:

Computing Now Blogs
Business Intelligence
by Keith Peterson
Cloud Computing
A Cloud Blog: by Irena Bojanova
The Clear Cloud: by STC Cloud Computing
Computing Careers: by Lori Cameron
Display Technologies
Enterprise Solutions
Enterprise Thinking: by Josh Greenbaum
Healthcare Technologies
The Doctor Is In: Dr. Keith W. Vrbicky
Heterogeneous Systems
Hot Topics
NealNotes: by Neal Leavitt
Industry Trends
The Robotics Report: by Jeff Debrosse
Internet Of Things
Sensing IoT: by Irena Bojanova