If you are a small business owner, you handle some sensitive information. If you have a small bakery, for example, you have point of sale systems where payment information is recorded. You might have a list of names and addresses for clients with active orders. If you have an accounting practice, you handle sensitive financial and tax information. If you run a daycare, you have health information, and the list goes on.
Many businesses will never see a security breach or hack, but when it happens to you, you might be scrambling to pick up the pieces. Security breaches don’t only hurt your credibility with your clients, patients or customers; they also hurt your business financially.
Here’s what you need to do to start the road to recovery.
Take Necessary Legal Action
As soon as you discover there might be a breach, you’re required by law to take several steps to report the incident and notify your customers. You will need to take the following steps.
1. Contact Your Local Law Enforcement Agency
For some more serious breaches that affect people outside your community and state, the police may put you in contact with the FBI. They will also want to investigate what happened, who was involved and how it happened, looking deep into your business and records to find the source of the breach.
2. Contact a Lawyer
When employee or customer information is compromised, you are also now open to lawsuits from people who might have been affected. Even if the breach happened through no negligence of your own, a business lawyer can help you field any actions brought against your business.
3. Contact the Federal Trade Commission
The FTC can offer help and guidance for how to proceed with your specific business type, but they also may want to investigate further.
4. Hire an Independent Investigator
Forensic accounting can help with financial breaches, and IT forensics can help you look for cyber hacks that compromised personal information.
5. Notify Anyone Who Might Have Been Affected
If you find your credit card machine is being skimmed, you will need to notify everyone who has paid, usually through a public announcement. If you have employees whose personal ID numbers and addresses might be targeted, you must let them know immediately.
These are basic steps to take. Each one will help you during the first few hours and days after the breach occurs. You might feel tempted to put everything off until you know how bad things are, but early reporting can help law enforcement find the source and perpetrator more easily. Early reporting can also protect you from future lawsuits.
Stop the Damage
Concurrently with the five steps above, you should do everything you can to repair the damage and prevent further data loss. Things to consider depending on the seriousness of the breach include:
- Change all the passwords or codes for computerized doors, company laptops and employee accounts.
- Freeze any financial accounts you think might have been impacted.
- Have all employees log out of any work-based accounts.
- Immediately disconnect computers from the network.
- Shut down email traffic.
Keep all systems as they were in case an investigator needs to examine them. Also, if you have any concrete evidence of the breach, even if it seems useless, do not get rid of it. Every bit of evidence helps to find where the hack started.
Contact a Cyber Security Company for Future Protection
If you didn’t have cyber security before, you need it now. A cyber security company can identify your vulnerable areas and secure them, making you less likely to fall victim to a breach. They will monitor your security profile for present and future threats, and implement technologies to thwart them.
As a small business, you may not have felt you needed this level of protection, but with nearly 50% of all attacks targeting small and medium-sized businesses, think again. You are exactly who they’re targeting.
Small businesses can often be affected by security breaches from their vendor systems. For example, the recent security failure at Experian affects every mortgage broker, bank or small credit union. You can’t rely on the security of partner companies to guarantee your own safety.
For truly sustainable cybersecurity, each company (large or small) would have its own safety measures in place. This way, when the security at one company fails, the breach is less likely to spread to other businesses and linked accounts, especially if threats come through email or social media.
Reach Out to Affected Consumers and Investors
A loss of trust is natural after your business has been hacked. Even if you could not have prevented the security breach, you’ll lose customer trust and confidence. You’ll want to immediately begin an outreach program tailored both to comply with notification laws in your state and to give your customers a feeling of security that you’re doing all you can.
You may want to offer each affected customer credit or financial monitoring free of charge; in some states it is the law, but when it’s not, it is a show of good faith. This helps to preserve your relationship with your clients so that your business survives the breach.
For more information about getting the security you need to protect your business, contact us at CyberGuard360.