So the worst happened and your business’s security was breached by hackers. Here’s what to do next.
It can happen to the best of companies. In spite of all the hard work you did try to make your company as secure as possible, some hackers managed to find a way in and wreak havoc. Identity theft, information access, and other similar break-ins can spell major problems for anyone. If this happened to you, you already know how bad it can get. Here’s what you should do if you have a break-in.
- Call your IT pros immediately, and get them to gauge the damage. Call a professional to gauge how much intel the attackers accessed, copied, or otherwise damaged. They also may be able to figure out how the attackers accessed the information. It may also be a good idea to form a task force specifically made to handle the breach.
- While they’re at it, they should also freeze the attacker’s ability to access your servers. If an attack is underway, it may be best to take the server offline until your IT and network security professionals figure out a way to re-secure it and stop the attack.
- Tell your clients what happened, and that you are taking care of it. Your clients deserve to know if someone illegally accessed their information or could have potentially stolen their identity. While it may hurt a little to admit that there was an attack, telling them that there was an attack is both the legal and ethical way to handle things.
- If it was a major attack, give people a heads up on what they should do to protect themselves. If hackers got passwords, make sure to tell them to create a new password. If it was something more along the lines of credit card information, tell them to check their bank statements and dispute fraudulent charges. Empower them to help out with the damage control.
- Speaking of damage control, make sure that your information can’t get accessed the same way again. Learn from your mistakes. If it was due to credit card processing hacks, make sure that you get a new POS and also reprogram the access code. If it was due to not shredding documents, invest in a shredder. Et cetera, et cetera, et cetera.
- Consider consulting a lawyer. If the security breach exposed very sensitive information, you may want to talk to a lawyer to find out what steps, if any, may need to be taken in addition to the ones described here. In some rare cases, there is a possibility that you may actually open yourself up to a lawsuit if the breach was really bad.
- Test the security fix before you declare “emergency over.” This sounds obvious, but it’s so often overlooked.
- Do any other obvious damage control necessary. Apologize to your clients. Work on rebuilding your reputation if necessary. Work to make a safer security monitoring system. You don’t want to create a PR nightmare.
While it may seem like a lot of work (and it is), the truth is that it only shows that security breaches, for the most part, are survivable. Of course, the best medicine for a security breach is a lot of prevention, so make sure to keep an eye on your networks!