What You Should Do if Your Data is Breached
Step 1: Breathe
Step 2: Panic (just kidding! Seriously, breathe and then take action to mitigate the issue)
Nobody wants their data to be breached, or to lose customer information to hackers. Yet the reality is it happens more than we realize.
Data breaches are not like in those crime TV shows where some maniac attempts to take over the world with computers (okay, some might be maniacs). In reality, hackers usually don’t want you to know there’s a breach.
Did you know it can take up to 6 months for a company to even realize that their data has been breached? Yikes! (remember step 1 everyone)
After a data breach, a hacker impersonating someone from the business can keep stealing information for MONTHS without anybody even knowing. Worse than this, if regulatory compliances are violated, the organization suffering the data breach can face legal fines. This is why 60 percent of small companies go out of business within six months of a cyber attack or data breach.
Feeling queasy? Don’t worry, we have some crucial steps that will help alleviate the stress!
- Figure Out What Was Stolen
If you suspect there was a data breach, try and find out what was stolen. You may want to bring in a technical person for this one. first you discover what kind of information was lost. When it comes to important information that hackers take, you can break the types of information into three levels of importance:
Low Sensitivity: customer names and street addresses (these are easily found online anyhow)
Medium Sensitivity: email addresses, dates of birth, and credit or debit card account numbers.
High Sensitivity: Social Security numbers, online-account passwords, passport numbers, financial account numbers, and payment-card security codes (also known as a CCV number).
- Change the Passwords (yep, all of them!)
If your online accounts have been compromised, change the passwords immediately. If your company uses the same password for any other accounts, change those as well.
Create a new, stronger hard-to-hack password for each and every account.
Many online companies today offers two-factor authentication to protect an account, and it can be a good idea to use it. Yes, it’s another step every time you login, but with two-factor authentication, a data hacker can’t get in, even with the right password, unless they have a numeric code that texted to the legitimate user’s phone (so, like, don’t lose your phone either).
Also, if creating and remembering all those new fancy passwords is difficult for you, then you can use a password manager to handle it all for you. With a password manager, you’ll need to remember only one password; the software will take care of the rest. (Of course, the downside is that if the master password is compromised, all your accounts could be as well.)
The name of the game? Change your passwords, and often.
3. Let your Customers Know
It might be tempting to try to hide the fact that your security failed you, but as we learned from the Facebook Cambridge Analytica scandal, everything is eventually discovered. Remember that data breach regulations can involve a number of federal and state laws. It is important to know how and when to notify affected customers. Some regulations may impose strict deadlines for reporting a breach, so it is essential to review and understand what’s expected of your business. It may also be worth seeking the advice of an attorney experienced in data breach issues.
4. We Got Your Back!
Of course, we hope that your business never none of our customers ever faces a data breach. And the good news is that Affant’s remote monitoring services aim to minimize the risk dramatically. If you have concerns about data break risks, then consider speaking with our IT managed services team about how we can help with your in-house IT security needs.