You read the books, consulted the experts and took precautions to protect your small business from a data breach. Even so, you have just discovered that your carefully laid defenses had been usurped. At this time of maximum vulnerability, it is vital that you act decisively, thoughtfully and with care.
As stressful and frightening as this situation certainly is, stay calm. Don’t let fear or anger cloud your judgment or cause you to make rash decisions. Resist the impulse to turn off your computers or shut down your network system. Doing so might cause you to lose crucial data that could help a forensic expert get to the bottom of the data breach.
Retain all logs for your systems, databases, applications and networks. Enlist help in getting a forensic image of your hard drives and, if possible, live memory of your systems. As soon as possible, contact law enforcement and inform them of the crime. Depending on where you are located, they may even have a special unit dedicated to cyber security.
Write it Down
Your next crucial step in dealing with a breach is to carefully document every aspect of the incident. Describe how you learned about the breach. Then detail what parts of your network were attacked and recount to the best of your ability what data were compromised.
Taking time to meticulously chronicle everything you can about the incident will help you as you talk to law enforcement officials, forensic specialists and even your attorney in the weeks and months to come.
Notify Everyone Involved
A data breach is not something that can be kept secret. Each state where your customers live will have different notification requirements to which you must adhere. Make sure you know what regulators need to be notified and by what dates. Also, be sure you know exactly what information you must include.
Although it may be tempting to try to save money by dealing with the breach on your own, this could cause harmful delays and additional stress, neither of which is helpful. Hiring an attorney, a forensic specialist or a cyber security expert can equip you with the tools and the knowledge you need to weather the storm.
Contact Financial Institutions and Credit Card Providers
Whether you have free credit card processing or you pay a merchant company to provide it, you need to get in touch with all of the banks and processing companies with whom you do business once you have identified a breach. Ask them to monitor your account and alert you to any unusual activity.
No business is immune from cyber crime regardless of how careful and extensive its precautions may be. If you are ever one of the thousands of companies that falls victim to data breaches each year, take heart. If you deal with the crime in a careful, step-by-step fashion, being sure to document everything and to get help from the experts, you can survive this often devastating and upsetting situation.