Business News Daily receives compensation from some of the companies listed on this page. Advertising Disclosure

Have You Been Hacked? How to Recover From a Data Breach

Updated Oct 27, 2023

Table of Contents

Open row

Every business is at risk of being hacked, especially small businesses. This constant state of vulnerability is terrifying, but the reality of a security breach experience can be even worse.

It’s extremely difficult to regain control of everything the hackers accessed, but you can still take action and salvage your reputation with your customers and clients. If you’re properly prepared for an attack, it’s possible to get back to business with minimal impact.

“Since it is really more of a question of when than if, when it comes to data breaches, we always recommend having a detailed and thorough data breach response plan in place,” said Michael Bruemmer, vice president of the data breach team at Experian. “And not only should that plan be created, but it needs to be practiced and updated on a regular basis to ensure it accounts for the latest threats, including attacks like ransomware.”

Legal and technology experts shared their insights on how owners can best recover from a small business data breach. [Read related article: Cyberattacks and Your Small Business: A Primer for Cybersecurity]

What is a data breach?

A data breach is any incident of an unauthorized person bypassing cybersecurity measures to view or steal confidential information. A data breach could take many forms, ranging from unintentional access to protected information to the deliberate penetration of a database to copy or steal corporate secrets. Sometimes, cybercriminals even try to corrupt an entire system.

Did You Know?Did you know

Remember the SolarWinds data breach? That attack used a third party to infiltrate the SolarWinds system, impacting over 18,000 organizations and interrupting supply chains around the world. The full extent of that breach is still being assessed.

What is the impact of a data breach?

A data breach can cost a small business around $38,000, according to a study by Kaspersky Labs. That cost can be exponentially larger for bigger enterprises. A report by IBM estimates the average cost at around $8 million, and the breach can devastate business operations, customer security, and even your workforce, depending on the type of attack.

You should keep your software up to date and compliant with corporate security policies, because the potential damages are catastrophic. Any one aspect of a data breach could put an entire organization out of business.

How to identify a data breach

You can’t start recovering from a breach unless you know it’s occurred, so it’s critical to learn how to identify when something has gone wrong. In many cases, though, there aren’t any telltale signs that you’ve been hacked.

“Often, businesses discover that they have been breached for the first time months after it happened, when they are informed by law enforcement, business partners, banks, or the media, who themselves discover the businesses’ data being sold on the black market,” said David Zetoony, a partner with international law firm Bryan Cave. “Other businesses may have been breached months or even years ago and still do not know.”

However, a few things may still tip you off to a security problem. Francoise Gilbert, founder of the IT Law Group, said that slow or lagging computer response time, pop-up windows that you can’t close, client reports of spam emails from your account, or strange programs or websites asking for your credentials could all be signs of a data breach. If malware or a virus is discovered on your system, you’ll also want to investigate to see if any data was compromised.

What to do when a breach occurs

By the time you discover a breach, the hacker has likely already stolen or misused the information and erased their trail. Therefore, your first priority after discovering a breach should be to piece together what happened, how bad the breach was, and which customers might have been impacted, Zetoony said.

  • Retain a specialist. A forensic expert can find, preserve, and analyze electronic equipment and data to assess precisely what happened and prevent repeat breaches.
  • Contact your legal department. A lawyer specializing in data security breaches typically advises an organization to notify consumers, the public, insurance providers or regulators.
  • Stop using any infected equipment. When you discover a breach, you should immediately stop using any device that has been compromised and physically disconnect any internet connections. This will not only help preserve evidence for an investigation, but also prevent further breaches in the short term.
  • Back up critical data. Once your machine is disconnected from the internet, you can create redundancy of critical information like access and activity logs, customer lists, payment information, and trade secrets.

What is cyber insurance?

Cyber insurance is a type of business insurance that helps you recover from cybercrimes like extortion, fraud and data breaches by reimbursing you for expenses due to a data breach, while offering a barrier against liability to customers or clients. It’s kind of like car insurance: Your auto insurance provider covers damages caused by a road incident and any third parties involved.

When considering cyber insurance providers, ask them how they’ll help you mitigate your business’s risk of cyberattacks. Insurance providers can often provide guidance and training to reduce your company’s risk, like teaching you and your team how to avoid phishing scams and detect a breach so you can take quick action to minimize the impact. Several measures are available to businesses, including virus protection and firewalls, to keep criminals out.

Did You Know?Did you know

Not all free antivirus software is legal for business use. However, these antivirus solutions are both free and legal for small businesses to use.

Informing affected parties

Once you’ve assessed the initial damage and potential cause, your next order of business is to break the news to your business partners, vendors, customers and any other stakeholders.

“Besides the technological aspect, one of the most important ways to recover a company’s reputation and relationship with its customers and clients is to ensure these parties are properly notified and taken care of,” Bruemmer said. “Companies should send clear and concise notification letters that help affected parties know what to do and how to protect themselves from identity theft. The breached company should always offer a remedy, such as an identity theft protection product so they receive free monitoring and access to their credit report as well as assistance with resolving fraud.”

Nicholas Gaffney, a lawyer and founder of legal media relations firm Zumado, said it’s important to have a response team in place that will work quickly to preserve and enhance the reputation of your organization after a data breach. This means having a team member serve as the point person for official responses to inquiries about the breach, as well as being transparent and consistent in all communications about it.


Reputation management companies can help you respond to a data breach or any other PR crisis in a way that preserves your brand image and customers’ trust. Check out our guide to choosing a reputation management service. You may also want to invest in reputation insurance to help with the fallout costs.

How to prevent future breaches

It’s a long road to recovery after your company suffers a data breach, but once you have the situation under control, you can learn from it and work to prevent another incident.

1. Provide cybersecurity training for your staff.

Gilbert said that a highly trained and vigilant staff is the key to minimizing the risk and damages of future breaches. Your employees should take extra care when using company equipment and learn to recognize clues that could indicate compromised information. [Do you have remote workers? Make sure they know these cybersecurity tips for working from home.]

2. Regularly audit connected devices.

Conduct a periodic sweep of all your personnel’s equipment to catch any malware and security holes. This basic practice is almost like regular maintenance for your equipment. Making sure there are no obvious vulnerabilities on a regular basis helps keep breaches from happening in the first place. This is especially important for organizations with a bring-your-own-device policy.

3. Use a VPN.

The best virtual private networks (VPNs) can prevent a targeted attack from occurring in the first place. Setting up a VPN creates a private connection to the internet, acting as a tunnel to prevent anyone outside the network from seeing who you are, what you’re doing and where you’re located.

Zetoony reminds businesses that, given enough time, a data security incident is as inevitable as any other type of crime, but you can learn from it to handle it better going forward.

“If you view each breach as a learning exercise, you won’t be able to stop them necessarily, but you can learn how to respond to them more efficiently, quickly, and with less impact to your business and your customers.”

Eduardo Vasconcellos and Nicole Fallon contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.

Sammi Caramela
Contributing Writer at
Sammi Caramela has always loved words. When she isn't writing for and Business News Daily, she's writing (and furiously editing) her first novel, reading a YA book with a third cup of coffee, or attending local pop-punk concerts. She is also the content manager for Lightning Media Partners. Check out her short stories in "Night Light: Haunted Tales of Terror," which is sold on Amazon.
Back to top
Desktop background imageMobile background image
In partnership with BDCBND presents the b. newsletter:

Building Better Businesses

Insights on business strategy and culture, right to your inbox.
Part of the network.