Worried About Your Business's Ability To Bounce Back From A Data Breach? What Are Your Options?
Large-scale breaches of private consumer data (from credit card numbers to email passwords to confidential health information) are becoming more and more commonplace, with more than 1,000 retailers and government agencies reporting breaches during 2016. While large national retailers can usually bounce back from these types of breaches without much delay, smaller local or regional businesses can have a much tougher time adapting to a post-breach climate, and preventing a breach (or taking immediate corrective action upon learning of one) can be crucial to your future. Read on to learn more about the steps you can take now to protect yourself from a data breach, as well as some of the efforts you may want to make upon learning that your business's secure data has been compromised.
How can data breaches be prevented?
Hackers are sophisticated, and thus far no company has pioneered a software that unequivocally guarantees protection from breach—however, with the number of companies that take few (if any) steps to secure customer or client data, there are a few basic steps you can take to reduce the risk you'll be targeted in an attack.
The first is to invest in password management software. Employees who are required to remember multiple login identifiers will often set their browser to store or remember these passwords (or even write them on a sticky note pasted to the edge of the computer monitor); while this can save time, it can also leave this identifying information vulnerable. Meanwhile, a password manager can encrypt and store all relevant passwords so that you and your employees need not clutter your brains with this information but can still have constant access.
You'll also want to consider cloud computing. Many businesses that have only recently transitioned to the use of electronic records still rely on information exchange through USB drives or emailed documents; both of these are especially vulnerable to loss or theft. Securing relevant items on a secure cloud platform can help you and your staff work (and access documents) remotely without worry about the security of your data.
What should you do if you discover your business's private data has been compromised?
One of the most insidious aspects of online data breaches is that those whose servers have been hacked may not realize it for weeks, months, or even years. This is one reason why it's so important to invest in robust anti-virus software and other protection against outside intruders; even if an intruder is able to slip through these cyber walls, you'll be immediately notified and can then take corrective measures, rather than locking the proverbial barn door after the horse has already traveled around the globe.
Your first step should be to examine the breach to see what data was (or may have been) compromised. Unless you have an extensive background in IT (or your company deals with technology), this may require an outside technology consultant.
You'll then need to notify all those whose data was affected, informing them of the breach and what you're planning to do to correct it. In many cases, especially with large-scale attacks that simply seek all the information on a server and then sift through it later, much of the information obtained is likely to be of no consequence to the hacker. In other cases, those whose information was compromised may want to cancel any credit cards used to purchase items at your business or even place a credit freeze on their own account to prevent any future fraudulent activity.
Outlining these options to your customers (without advocating that they take a specific path) can go a long way toward restoring goodwill. If the circumstances surrounding the breach involved employee negligence or were otherwise egregious, you may also opt to pay for a period of credit monitoring for each affected customer.