A serious data breach can bring a business to its knees. Although a cyber-attack can only last minutes or hours, its consequences are dire and over 70% of the companies that fall victims end up in bankruptcy during the next 2 years, according to statistics. The reason for that is the lack of information or ability to recover after a cyber-assault. You risk losing your customers, destroying your reputation, losing money and decreasing in productivity. Any organization can become a target, regardless of the size and reputation. There are some huge businesses out there who lost billions of dollars in the aftermath of a cyber-attack. Take Equifax for instance, which was hacked of more than $140 million personal accounts belonging to US citizens, lost more than $6 billion in market capitalization and apparently their the losses will continue to rise.
Don’t let your business follow the same path. Here are some tips to apply in case your organization suffered a data breach:
- Always create backups. Everything related to your work should be automatically backed up: software, data, etc. This way, in case of any disaster, you can afford to start from scratch without losing any important information. You can hire a third-party service to deal with the backup process if you find it more convenient
- Immediately handle all the technical aspects: if you haven’t used encryption for sensitive data such as contact info, credit card details and so on, do it from now on! Also reinstall all the files that have been affected and remove the ones that were installed by the hackers, change all your passwords (not just the ones for the accounts that have been compromised)
- Contact the credit bureaus, companies and banks and inform them about what happened. Make sure they will lock all the accounts and don’t allow any transactions.
- Inform the parties involved. Let your clients and everyone else who was involved in the attack know what happened as soon as possible. It is important to be sincere and take responsibility. This way you won’t risk losing too many customers, if you know how to address the issue and you PR team is prepared for this scenario. Calm everybody down, give them details of the incident and ensure them that you will provide compensation and will invest in stronger security measures in the future
- Strive to understand the root of the problem, how everything happened. That will also be a valuable information for the future.
- Be prepared legally. Data breach is a sensitive issue and you shouldn’t be surprised if you’ll find yourself sued by your clients. You have to have a strong legal defense, just in case you have to get to court
- It’s best to prevent than to cure. Whether you had to deal with cyber-terrorism or not, make sure you take security seriously. Implement a disaster recovery plan, strong IT security policies and educate and train your staff. Also make sure you have everything monitored 24/7 for any suspicious activity.