Every business is at risk for being hacked — especially small businesses. Being in that constant vulnerable state is terrifying, but the reality of actually experiencing a security breach can be even worse.
It's likely impossible to regain control of everything the hackers accessed, but you can still take action and salvage your trusted reputation with your customers and clients, if you're properly prepared for an attack.
"Since it is really more of a question of when, than if, when it comes to data breaches, we always recommend having a detailed and thorough data breach response plan in place," said Michael Bruemmer, vice president of the data breach team at Experian. "And not only should that plan be created, but it needs to be practiced and updated on a regular basis to ensure it accounts for the latest threats, including attacks like ransomware."
Legal and technology experts shared their insights on how owners can best recover from a small business data breach.
Identifying a data breach
You can't start recovering from a breach unless you know it's occurred. That's why it's critical to learn how to identify when something has gone wrong. The problem, of course, is that in many cases, there aren't any telltale signs that say that you've been hacked.
"Often, businesses discover that they have been breached for the first time months after it happened, when they are informed by law enforcement, business partners, banks or the media — who themselves discover the businesses' data being sold on the black market," said David Zetoony, a partner with international law firm Bryan Cave. "Other businesses may have been breached months, or even years, ago and still do not know."
There are, however, a few things that may tip you off to a security problem. Francoise Gilbert, founder of IT Law Group, said that slow or lagging computer response time, pop-up windows that you can't close, client reports of spammy emails from your account, or strange programs or websites asking for your credentials could all be signs of a data breach. If malware or a virus is discovered on your system, you'll also want to investigate to see if any data was compromised.
What to do when a breach occurs
By the time you discover a breach, the hacker has likely already stolen or misused the information, and has often wiped his or her trail. Therefore, your first priority after discovering a breach should be to piece together what happened, how bad the breach was and which customers might have been impacted, Zetoony said.
"Companies typically call their attorney and have him or her retain [a forensic] investigator who specializes in finding, preserving and analyzing electronic equipment and data," Zetoony told Business News Daily. "Lawyers that specialize in data security breaches typically advise companies concerning any legal obligation that they have to notify consumers, the public, insurance carriers or regulators."
In terms of equipment, Gilbert advised organizations to stop using the server, computer or device where the breach occurred. This will preserve evidence, so the forensic team can look into the cause of the problem.
"If the computer is not performing a vital function, disconnect it physically from its network and the Internet immediately," she said. "Copy and securely store the access and activity logs from the affected machine, [and then] attempt to identify the type, nature and categories of information that has been affected — company trade secrets, customer lists, payment and delivery information, etc."
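One way to carry out the "copy and securely store" step for logs, as an added example that is not part of the original article: each log is copied to a separate evidence folder, its SHA-256 hash is recorded in a manifest, and the stored copies can later be checked against that manifest. The function names, the `manifest.json` layout and the sample log line are assumptions made for illustration.

```python
import hashlib, json, os, shutil, stat, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve_logs(sources, evidence_dir):
    """Copy each log into evidence_dir and record its hash in manifest.json.
    Assumes the source file names are unique."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in map(Path, sources):
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)  # copy2 keeps the original timestamps
        digest = sha256_file(dst)
        if digest != sha256_file(src):
            raise OSError(f"copy of {src} does not match the original")
        os.chmod(dst, stat.S_IREAD)  # stored copy is read-only
        entries.append({"file": src.name, "source": str(src), "sha256": digest,
                        "size": dst.stat().st_size,
                        "collected_utc": datetime.now(timezone.utc).isoformat()})
    (evidence_dir / "manifest.json").write_text(json.dumps(entries, indent=2))
    return entries

def verify_evidence(evidence_dir):
    """Return stored copies that are missing or no longer match the manifest."""
    evidence_dir = Path(evidence_dir)
    entries = json.loads((evidence_dir / "manifest.json").read_text())
    return [e["file"] for e in entries
            if not (evidence_dir / e["file"]).exists()
            or sha256_file(evidence_dir / e["file"]) != e["sha256"]]

def demo():
    # Constructed sample log line; runs entirely in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "access.log"
        log.write_text('203.0.113.7 - - [01/Jan/2024:03:12:44 +0000] "POST /login" 200\n')
        store = Path(tmp) / "evidence"
        preserve_logs([log], store)
        clean = verify_evidence(store)           # nothing altered yet
        os.chmod(store / "access.log", stat.S_IWRITE | stat.S_IREAD)
        (store / "access.log").write_text("edited\n")  # simulate a later change
        return clean, verify_evidence(store)
```

Keeping a copy of `manifest.json` somewhere other than the evidence folder lets the forensic team confirm that neither the logs nor the manifest changed after collection.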
Informing affected parties
Once you've assessed the initial damage and potential cause, your next order of business is to break the news to your business partners, vendors, customers or any other affected stakeholders.
"Besides the technological aspect, one of the most important ways to recover a company's reputation and relationship with its customers and clients is to ensure these parties are properly notified and taken care of," Bruemmer said. "Companies should send clear and concise notification letters that help affected parties know what to do and how to protect themselves from identity theft. The breached company should always offer a remedy such as an identity theft protection product so they receive free monitoring and access to their credit report as well as assistance with resolving fraud."
Nicholas Gaffney, a lawyer and founder of legal media relations firm Zumado, said that it's important to have a response team in place that will work quickly to preserve and enhance the reputation of your organization after a data breach. This means having a team member assigned as the point person for official responses to inquiries about the breach, and being transparent and consistent in all communications about it.
Preventing future breaches
It's a long road to recovery after your company has suffered a data breach, but once you've gotten the situation under control, you can learn from it and work to prevent another incident from occurring. Gilbert said that a highly trained and vigilant staff is the key to minimizing the risk and damages of future breaches: Your employees should take extra care when using company equipment and learn to recognize clues that could indicate compromised information.
Additionally, Gilbert recommended conducting a periodic "sweep" of all your personnel's equipment to catch any malware and security holes.
Most importantly, Zetoony reminded businesses that, given enough time, a data security incident is as inevitable as any other type of crime — but learning from it will help you handle it better going forward.
"If you view each breach as a learning exercise, you won't be able to stop them necessarily," Zetoony said. "But you can learn how to respond to them more efficiently, quickly, and with less impact to your business and your customers."
Additional reporting by Nicole Taylor. Some source interviews were conducted for a previous version of this article.