Preparing for the unexpected: what to do after a cyber breach
No matter the type or size of your business, you need to be prepared for a cyber breach at any time. Hacks from external sources are the top cause of data breaches, and they're on the rise. According to The Privacy Rights Clearinghouse, an organization that has tracked and published detailed data breach information since 2005, in 2013 external hacking accounted for 83.77% of data breaches. By 2014, that amount was up to 98.73% (Source: Security Week). As you can imagine, businesses are impacted in a big way when a breach occurs.
The best way to arm yourself against an attack is by partnering with a processor that prioritizes data security. This starts with basics like compliance and extends to how your card processing services are configured with strong data security in mind. However, even with the most high-tech systems, cyber breaches happen. Here’s how to recover and move forward after your business has been the victim of such an attack.
How to recover from a cyber breach
In late March 2016, Digital Guardian published findings from several industry experts about what their advice would be in the event of a data breach. Here are three of the key pieces of advice those experts shared:
- Communicate openly. As tempting as it may be to do so, don’t hide from the breach. Instead, communicate openly and honestly with your employees, customers and shareholders (if applicable). If the blame lies with the company, say so. Don’t risk covering something up or passing blame, only to have the ugly truth come out later. Include in this communication the steps you are actively taking to correct the breach and prevent a similar situation from happening in the future. Making people feel that you’re being proactive in your response to the cyber breach will go a long way toward keeping their trust and loyalty in the long run.
- Dig into the problem. To help ensure you don’t suffer another breach in the future—as well as minimize damage from this breach—you need to really get to the root of the problem. Use forensics to determine what went wrong and how you can eliminate the vulnerabilities going forward, so you won't have to guess what led to the breach. Make sure you capture all traffic on your business systems, record all packets on your network for analysis, allow administrators to carefully inspect all data history for anomalies and make sure you have a comprehensive reporting mechanism in place.
- Call on a third-party expert. Whether the cyber breach had an internal or external cause, bringing in a third-party IT expert who specializes in data breaches can help your business fully understand what happened and help to prevent future attacks. Your current IT provider may not be positioned to make an objective assessment, since the data breach occurred on their watch. A neutral, third-party expert can quickly determine what went wrong and will let you know what needs to be done to correct the problems moving forward.
If your business has suffered a cyber breach, all hope is not lost for the future of your company. Work with your payments processor or a third-party data breach expert to help you recover from the attack and move forward.