The two most dreaded words for a business owner today are data breach. Anyone can become a victim of cybercrime. This has made their networks the favoured hunting grounds for cybercriminals.
According to Cybersecurity Ventures, cybercrime is expected to cost the global economy $6 trillion annually.
With so many more companies working remotely, there are new avenues available for cybercrime. Remote teams have been using cloud communications platforms more and more. This has created newer avenues for data theft, with individuals using their own internet connections and security options.
The right steps after a data breach can help companies mitigate losses for customers, as well as themselves. Since security systems aren’t infallible, here are 5 essential precautions to take after a data breach:
1. Communicate with Customers
According to a report by Businesswire, 83% of US customers will stop engaging with a business following a security breach. Additionally, 41% of customers say they will never return to a business after a breach.
Companies that have suffered from a data breach need to maintain effective communication with their customers. They need to:
- Reach out promptly
- Take responsibility
- Provide details on the breach, and what steps they will take to resolve it
- Inform customers of anything they need to do
- Remain transparent
- Provide discounts/offers/compensation to affected customers
These steps show that the company cares about its customers, and can mitigate the negative impact of data infringement.
The company also needs to educate its employees. They can use workflow platforms to guide their employees through the standard process and information. For example, PR teams should know exactly what information to publish in a press release. Likewise, customer service teams should be able to provide clear and timely answers to customer queries.
Make sure to keep all channels of communication open. From emails to online video calling to assure customers that assistance is available 24/7.
2. Get Third Party Counsel
In the event of a data breach, a company needs to bring in experts. These experts need to assess the situation and create a roadmap for damage control.
Get an External IT Expert
The breach probably happened on the watch of the company’s existing IT provider. Naturally, they would have a vested interest in not disclosing all aspects of the fault. An external agency can perform an unbiased audit. This is vital for discovering the cause of the breach, as well as preventing it in future. They can help you protect your digital assets, ensure data is being stored appropriately, and recommend any other necessary changes.
Get Legal Advice
An attorney will provide counsel about the extent of disclosures the company is obligated to make at different levels. These can be across the county, state/province or countrywide. Depending on the nature and extent of the breach, the attorney can analyse how much information needs to be divulged and to how many people. For instance, if you provide accounting software, you’re likely to be handling more confidential data than if you provide an image editing app!
Document Everything
The company should keep a record of everything. These records include the date and time when the breach was discovered, who found the breach, and any steps taken. Make sure to interview anyone involved. It’s a good idea to leverage phone call monitoring and keep disc images where possible. Also, ensure affected systems are isolated. This ensures the company’s compliance with legal requirements.
3. Post-Mortem of Breach
It is crucial to conduct an intensive post-mortem after a data breach. This helps to identify exactly what data has been compromised and from which point in the system. There can be multiple reasons for the breach, including:
- Human error
- Phishing attack
- Outdated antivirus software
- Unsecured port in the firewall
- Malware and malicious code
According to a 2020 report by Enisa, malware was the top cyber threat in the EU followed by a sharp rise in phishing, identity theft and ransomware.
An intrusion prevention system (IPS) can automatically identify the source of a breach. Once the nature and source of the breach have been identified, it can then be contained. The in-house IT team and a forensics team can troubleshoot and conduct a security audit. Forensics experts can identify the root cause of the breach with resources like data capture. They can track and capture traffic on any link, and analyse that data in real-time. They can also flag vulnerabilities in the existing network.
A data breach post-mortem is vital to identify and improve how a company manages data security. It is impossible to prevent all future breaches. However, you can reduce them.
Identifying weaknesses in your system’s defence can mitigate risks. For example, a company can’t prevent an employee’s laptop from being stolen. However, it can make sure that any company information stored on it can only be accessed through a VPN connection. Companies can also enforce a stringent data encryption policy and procedure on these machines. This makes employees accountable for any violation of data privacy.
4. Pre-emptive Measures
One of the most effective ways to deal with a data breach is to follow the company’s data breach plan. The company forms a team with members from:
- IT
- PR and Communications
- Legal
- Customer Service
- Insurance
This is a crisis management team prepared to deal with an impending breach. The key steps in any response plan are:
- Identifying the cause of the breach
- Isolating the affected systems
- Containing the breach to stop further leaks
Response teams should have a process map that shows a clear chain of custody and command so due processes can be issued and followed. In short, everyone knows what to do or say.
There is no room for improvisation in dealing with a data breach. Everything, right down to the company’s internal and external communication post-breach has to follow a plan. Companies without a data breach plan in place risk making panic decisions in a crisis. These decisions are mostly reactive and may end up doing more damage to the business. A data breach plan is like a map to navigate your movement through the crisis.
Cyber Liability Insurance is another pre-emptive measure to address a data breach. This is also known as Network Security Insurance. Good insurance policies should provide a forensics expert to identify the root cause and extent of the breach, a lawyer to assess the legal ramifications of data loss, and compensation for affected clients.
5. Don’t Get Complacent
It is tempting for a company to want to resume business as usual once the issue has been resolved. However, post data breach, businesses need to be more diligent than ever to ensure there are no further attacks. One way to do this is to review existing technology. The systems that were used before the breach may no longer be suitable now. The company should audit all its existing resources to identify possible security gaps. This includes everything from antivirus software to CCaaS.
To ensure a more robust approach to data protection in future, companies need to update their data breach plan. This needs to be treated as a ‘living document’ which evolves with the business. Just as the business itself changes with mergers and acquisitions, so must the data breach plan.
A data breach can have a lasting impact on business. Following a customer’s loss of faith after a breach, it can take a long time to regain their confidence in the business. As a result, all business affairs from lead generation to revenue operations will be affected. If you want to keep users engaged, the only thing to do in this situation is to try and mitigate the damage. By addressing a data breach in a timely and effective manner, a company can not only reduce the costs of the breach but also strengthen its defences against future threats.
Be prepared for the worst - and then hope for the best.