What Do You Do After a Security Breach?

Data breaches are becoming a bigger risk area for businesses each year, and you need to be prepared in case your company is the next target.

Not only are breaches rising in frequency, but they’re also increasing in cost. According to the Ponemon Institute, the average cost of a data breach went up from $159 to $179 per record in as little as a year. This is particularly alarming for small businesses, as hackers more often target these organizations due to the lack of complex security measures found at larger businesses. Plus, smaller companies are less equipped to handle those costs than their larger counterparts.

So what should you do if your small business is hit by a cyberattack?

Get to work right away.

Some businesses believe waiting to resolve a cyberattack is no big deal. Why do today what you can put off until tomorrow? However, this way of thinking is costly. Not only could you continue to lose valuable data, but you also may face costly fines for not following mandated notification procedures. Don’t wait.

Form a team to address the issue.

Many stakeholders in your organization must come together to resolve a data breach. Your cybersecurity experts will look at the technical side. Your chief financial officer will examine costs. Your public relations department will assess reputational damage. Other parties will be involved. For instance, you may require the help of a third-party firm to patch the vulnerability.

Investigate the cause of the breach.

Data is lost or stolen for various reasons, and determining the specific vulnerability helps your team discern how to proceed. Hackers can compromise your network. Employees can steal sensitive data. Thieves could break into your business and steal computers that contain personally identifiable data. Each of these scenarios, and others, requires a unique response.

Brainstorm and implement solutions.

Once your team knows how the breach occurred, work on fixing the issue. Again, this may require the help of a third-party forensics agency and local law enforcement, depending on the cause.

This step also should include preventive measures. Now that you know a certain breach is possible, define strategies to stop it in the future.

Follow mandated notification procedures.

Depending on your industry and state, there are laws in place that determine how soon you must inform customers—and law enforcement—if their private data has been exposed. Certain businesses also must adhere to federal laws. Companies in the health care field, for example, must follow stricter notification laws.

Be sure you know how soon you must notify the appropriate parties. In some cases, business owners have as few as 24 hours.

Be thorough, honest and educational when you communicate.

Whether the data breach was unavoidable or due to insufficient security measures or human error, be honest with your customers by telling them where the breach originated and detailing how you’re addressing the issue to prevent it from happening again.

Sage ERP Insights
