Recovering from a Data BreachOliver Bock
The worst has happened, and you’ve discovered that your business has been the victim of a data breach. What do you do next?
Many businesses are facing this problem every day, with cybercrime representing a significant and growing threat. Although it’s the breaches at large corporations that make the headlines, small businesses are just as at risk, if not more so.
The National Cyber Security Alliance reports that small businesses are the target in 71% of security breaches, and with less expertise they are at significant risk of handling the data breach wrongly.
The cost of handling these data breaches is going up, too: research by the Ponemon Institute found that the global average cost has risen to $154 per compromised record and $217 in the United States.
Discovering the Breach
A cyberattack typically happens very quickly. In a matter of hours or even just minutes, a vast amount of data can be lost. Discovering the attack is rarely so quick, though, with Mandiant reporting that the time taken for businesses to identify a breach is an average of 243 days.
This is slow reaction time is because if a hacker knows what they are doing it can be very hard for a business to know it has lost data until it is too late. It might not be your business that discovers the breach either – the media, banks, or law enforcement agencies are often to the first to find out.
What this means is that when you do discover a breach, it is essential that you act fast. The longer it takes for you to investigate it and deal with the problem the higher your costs are likely to be and the greater the damage to your reputation.
Once you’ve discovered a breach, your next step is to investigate what happened, what data has been leaked, and which customers have been affected. You should stop using the device or server that has been breached in order to preserve any evidence that may have been left by the attacker.
If you are a smaller organization, the forensics may need to be done by an outside investigator who specializes in analyzing electronic devices in this way. In the event of a recent breach, the use of a specialist could help contain further breaches and prevent further damage, and such a team should be engaged as quickly as possible.
Understanding Your Legal Requirements
In both the US and the EU there are significant and complex regulations concerning data and what you need to report to in the event of a breach. For businesses operating in multiple states and countries, the regulatory requirements may vary considerably.
Many of these regulations govern issues concerning reporting, often imposing time constraints. It is important to bring your legal team on board with the situation as quickly as possible so they can advise regarding your legal obligations.
Notifying Affected Parties
Once you understand the situation fully you must start informing customers, partners, and any other affected parties of the breach. Where possible this should only be done once the extent of the breach is known and your legal requirements understood. When some companies have announced breaches too fast, they have actually increased the expenses they are exposed to because they have notified too many customers. Contacting customers who weren’t exposed in the breach leads to confusing retractions and your business appearing incompetent; spreading speculation, or unsubstantiated rumor does little for your reputation.
When you do contact customers about the breach, you must admit your mistake and accept responsibility for the inconvenience. Make sure customers understand that you will help them with any and all consequences that occur. Once you’ve reported a breach, you need to be ready for a potentially large volume of calls and questions from customers. Having a person, or team (depending on the size of the breach), available and trained for this is the best idea.
Because the breach has broken the trust your customers have in you, you must now do everything you can to rebuild that trust. When choosing your response and the help you provide customers it is worth noting that your legal requirements for helping them rarely meet your ethical requirements. Wherever possible it is recommended that you provide as much help for your customers as you can after a breach.
Learning from the Breach
With the value of data rising and hackers becoming more and more sophisticated one things for certain – this won’t be the last time that someone tries to access your data for their own ends.
Coming out the other side of a breach you have three main review points for your business to work on:
- What would we have to do to further protect our data in the future?
- What could we do to increase our ability to spot data leaks quicker?
- How can we improve our response to the breach?
By treating a breach as an opportunity for learning, you can make sure that your future responses are improved, and your risk of losing data is decreased. Because security and hacking strategies are constantly being revised and improved, in a kind of digital arms race, there will always be improvements you can make.
For many businesses, significant improvements can be made by simply investing in the right technology. Onion ID helps give your IT visibility and control over all of your data and connected devices. It also ensures that your identity and access management controls, a key point of entry for many attacks, are kept refreshed and updated.