It’s every organizations worst nightmare: Your business has been hacked by someone that has accessed, stolen or otherwise compromised your sensitive or confidential data. And often, by the time you discover it, the breach is well underway: US companies take an average of 84 days to detect a breach according to recent studies. So what do you do? Well, it turns out that knowing what not to do is just as important as knowing what you should do —because, even with the best of intentions, your team could accidentally make the situation much worse. Here’s what to avoid in the event of a cyberattack.
Don’t panic!
Step back, take a deep breath, and evaluate the situation. Present management with as much information as you have about the breach and discuss the next steps that need to be taken.
Don’t react without a plan.
OK, everyone is probably ready to freak out, and they want to start fixing everything they can get their hands on as fast as possible. It’s critical that there is a plan in place to address this kind of issue beforehand. Avoid the knee-jerk reaction of running around trying to fix everything at once. Refer to your emergency plan and procedures that map out who is responsible for what, and make sure they document every action they take as they go along. There should also be a Security Manager in place to lead the remediation and recovery process. Whatever you do, don’t try to cover this event up and fix it yourself!
Don’t hesitate to hire an external cybersecurity team.
There are cybersecurity teams that specialize in fixing problems like this. Many times they can resolve issues like this much faster than your own staff. Some SMBs don’t hire external security services because “it’s not in the budget”. But if a breach is so bad that your business could go under, it’s worth the investment. Interview and select a cybersecurity vendor before a breach happens so you can have one in the wings in the event of an emergency.
Don’t try to hide the event.
It might be tempting to only share data breach information with upper management or with staff on a need-to-know basis. But the entire company should be informed, as well as vendors and customers who might be affected as well. That said, they may have a lot of questions that will take up a lot of your time, so don’t say anything until your mitigation plan is already mapped out and underway.
Don’t sugarcoat the situation.
Be honest about what happened. Transparency is key. If confidential or client information has been compromised, proactively contact key vendors and customers. It’s better that they hear about it from you than through the rumor mill or, worse yet, the media. Be sure to arm your customer service and sales teams with enough information to keep a consistent and honest message about the situation so that they can better communicate with your customers (and you won’t lose them in the long run).
Don’t rush.
Your team might be working around the clock on the problem and they may be tempted to knock out and close tickets quickly because it looks like you’re making progress but every fix needs to be checked and double-checked after a breach, even if it slows things down. When people rush, the risk of mistakes goes up dramatically and the last thing you need is more problems
Don’t neglect your cybersecurity regulatory obligations.
Every state has different security breach notification laws, so no matter where you’re located, chances are good that you will have to report a breach to the authorities. Skipping this step could result in fines or worse. If you’re an organization regulated by HIPAA rules, it’s important to follow those rules closely to avoid harsh penalties. If you’re unsure of your reporting responsibilities, engage a compliance specialist immediately.
Don’t forget to conduct the post-mortem review.
You’ve put everything back in order and the crisis seems to be over. It’s not time to go back to business as usual yet. At the end of the remediation process, it’s important to learn from your mistakes and improve security going forward. It’s important to learn from our mistakes and the review process could reveal ways to avoid a breach happening again. This could involve investing in additional cybersecurity products or software, and restructuring your IT to increase protection for your most sensitive information or simply improving employee training.
Don’t forget to train your employees.
Employees are the weakest link in cybersecurity breaches. 90% of all data breaches can be traced back to an employee doing something they shouldn’t have done. Once things have settled down, implement (or revise) your all-staff cybersecurity training with the knowledge you’ve gained from this breach.