With cyber thieves on the prowl, even with the best precautions, business can be hacked and sensitive data stolen. Small businesses are particularly vulnerable because oftentimes they do not have the resources to fight back and get back on their feet. No matter the size of the business, all should take prudent steps to minimize the chance of this happening.
Analysis of the Breach
When a business has been hacked, the first step should be to get to the root of the problem. Determine how the breach occurred, at what time and assess which data was stolen or tampered with. Find out if customers, business partners, contractors etc. are affected. If they are, they should be informed immediately so that they can take action to prevent further loss. Immediately inform the cyber crime squad of your local police station. You can also informed the FBI which has the wherewithal s for forensic analysis. They can give you valuable assistance in what you should do next. You should make sure to inform your service provider that there has been a security breach and get them to check if it was due to a security hole in their servers.
Insurance
If you have insurance that covers cyber crime, contact your insurance agent immediately both verbally and by letter. Depending on the policy you have, the insurance company may address legl issue, if not you may want to get legal representation as soon as possible. If personal information was stolen, most states require that you have a legal obligation to inform the affected persons. Some states also require that state authorities be alerted in such a scenario. There is no federal law which requires a business to inform federal authorities of the breach. If the company does business in many states, the problem is multiplied since there a multitude of state laws to contend with. It is imperative that even small businesses take out a cyber insurance policy since this will mitigate the loss and chances of recovery are much greater.
Inform Affected Parties
As soon as a data breach has taken place you should not attempt to sweep it under the carpet. Such a policy, could lead to criminal penalties as well as law suits. The best course of action is to inform all your customers, business partners etc. of the data breach. Inform them how it occurred and the steps you are taking, to not only contain the loss, but also prevent future data loss. Even if you are not legally bound to inform your customers, this is the best course of action to retain goodwill and salvage the business.
Infrastructure
To minimize the loss and contain it, the business may have to take bold steps. These steps may be disruptive and could cost a lot, but it is unavoidable. Take steps to remove infected computers and shut down your website till the system is cleaned up. The business may have to reformat their computers and restore data using uninfected back-ups. The sooner this is carried out the better.
Strengthen Your Defenses
Post crisis, a thorough analysis that identifies solutions should be conducted. Invest in policies and technologies that will keep the business safe from future attacks. Upgrade software and anti-virus programs. Ensure that the anti-virus program is updated frequently. Designate only one computer for online banking transactions. This computer should not be used for any other web based activity such as surfing or e mail.
Vigilance
Being well prepared is the best defense against future attacks. Institute a well thought out strategy for security and data replication. If in house expertise is not available, it is worthwhile paying an outside consultant to develop policies, procedures and revamps to the network. Apart from this comprehensive Disaster Recovery plan should e developed. Employees should be trained and familiar with the DR plan.
Disclaimer
This article is meant as a general guide line and is not intended to replace expert advice. Readers should get proper advice from experts on these issues.