Learn how you can minimize data breach damage.Check out the infographic 5 Steps to Manage a Data Breach.
No one wants to deal with a data breach, but unfortunately with the rise of malware and hackers, a data breach is more likely to hit your business than you may think.
In any case, it’s smart to be prepared for data breaches, which includes having a plan.If you suspect a data breach in your business, your goal is clear: stop information from being stolen and repair the damage so it won’t happen again.
Here are some steps to take to stop information from being stolen, prevent further damage and restore operations as quickly as possible.
SEE ALSO: What To Do When You Get Hacked, Step-By-Step
1. Start your incident response planYou should already have one in place, which lays out what your company, employees, and third parties should do in the event of a data breach.
Make sure your employees know about the plan and are trained on what to do. Often, the ones that do the most damage in a data breach are employees who panicked and made mistakes. Having an incident response plan will help reduce confusion and panic in a data breach.
SEE ALSO: 5 Things Your Incident Response Plan Needs
2. Preserve evidenceIn a breach, your first impulse may be to delete everything. Don’t do it! You’ll need to make sure any evidence of the breach is preserved. This can help you find out what happened and who was responsible.
Make sure to document everything that’s happening, since it will make things easier for upcoming forensic investigations.
3. Contain the breachWhile you shouldn’t delete your infected systems, you do need to contain them. You need to isolate the affected areas so the rest of your business isn’t affected. Some things you can do are:
- Disconnect from the internet
- Disable remote access capability
- Preserve firewall settings
- Restrict internet traffic
- Change access control credentials
4. Handle public communicationsGet advice from your legal counsel to figure out the best way to notify the public and your customers of the breach. It’s also important to know the legislated mandatory time frames; you don’t want to get a fine on top of everything just because you didn’t tell the public on time.
It’s best the public finds out about the data breach from you. If you delay telling them, it will seem like you have something to hide. Decide when to let your customers know, and remember that sooner is better than later. Don’t let employees announce the breach.
5. Investigate and restore systemsYou’ll need to find out how you were breached in order to prevent it from happening again. A forensic investigation commissioned by a third party provides insight into the problem. Getting forensic services is often required by your acquiring bank and they are helpful in not only discovering the source of breach but also in helping you understand how to prevent the same thing from happening again. Be prepared because this may take time.
Once you’ve found and secured the source of the breach you’ll be able bring all affected systems back online. Make sure they are secure against future attacks by reaching full compliance with the PCI DSS.
Need a forensic investigation? Talk to us!
Additional tipsSome other things to think about in preparing for a data breach are:
- Train and test employees: your employees should be aware of the policies regarding data breaches. It may be a good idea to test them and have them practice containing a data breach.
- Get breach protection: breach protection can help reimburse you for the general costs associated with a breach (regulatory fees, card replacements, hardware, etc.)
- Delegate responsibilities: you should have a team that carries out your incident response plan. Putting it all on one person won’t be helpful.
Want to know more on handling a data breach? Check out our infographic 5 Steps to Manage a Data Breach.