Damage Control: Specific Measures to Take After a Data Breach

A data breach can be one of the most costly and damaging events occurring in business today. A study done by the Ponemon Institute in 2018 revealed that the average cost of a data breach in the U.S. is $3.86 million. While businesses take every measure to prevent these intrusions, they can happen even under the most controlled cybersecurity policies. Damage control is of the highest priority, and companies must immediately activate a response plan. 

My Company’s Data Has Been Breached. Now What?

Once a breach has occurred, the FTC recommends taking the following actions. 

• Prevent any further illegal activity by shutting down the lines of communication to the impacted systems. However, any existing auditing and logging applications should remain operational to provide additional information on the breach.
• If there were any physically accessible areas to sensitive computer systems, change access codes to prevent future entry by unauthorized personnel. 
• Update or lock credentials on all impacted systems. This action will prevent any further access by hackers. 
• Activate your damage control plan. Gather a team of experts experienced in cybercrime who can thoroughly investigate the breach by collecting and analyzing evidence. If necessary, recruit third-party data forensics investigators who can take on this responsibility. 
• Search for any exposed data that may appear on other websites. If posted, contact the associated business to have this information removed.

Damage Control Measures

After the above immediate actions are taken, a thorough investigation into the data compromise’s scope and impact should follow. System logs and audits can help pinpoint how the breach occurred and the extent of the damages. 

Investigating how the intrusion happened is a crucial step to controlling damage and avoiding future occurrences. There are many possible causes that may involve staff. These range from someone disclosing their sign-in credentials to unauthorized parties to a malware-infected device logged into the network. However, the failure to adequately patch or update security software can be a probable cause as well.

Depending on the causes of the breach, several actions can be immediately taken to prevent further damage. 

• Run virus and malware scans to catch potential issues that may have contributed to the breach.
• If a mobile device used to connect to the network has gone missing, remotely lock or delete apps related to the company.
• If necessary, verify and change firewall rules that may have allowed an unauthorized user access to the network. 
• Check if the service provider is involved and if and how they will address the problem in their systems. 

Legal Responsibilities to Customers

Data breaches do not just damage businesses, they adversely affect customers if their data is stolen and subsequently exploited. Many underground avenues exist online in what is known as the dark web, where unscrupulous parties exchange credit card numbers and other stolen data. The affected business has a legal and moral responsibility to its customers to protect them from financial damage resulting from the data breach. 

There are measures a business can take to help protect their reputation while assisting their clients. 

1. By law, cyberattacks must be reported to all those affected and to law enforcement authorities at the local, state, federal, or international levels. Failure to do so can result in massive fines. 
2. Contact the company’s insurer so that they are aware of what has happened.
3. Consult with a public relations expert for assistance in damage control and interfacing with the media if the breach is made public.
4. Consult with a lawyer, especially if litigation from customers and regulatory agencies will be an issue. 

Our premium support and management can help take your firm to the next level. Contact us for more information on our innovative digital technologies.