What to Do After Your Company Has Had a Data Breach

The last 12 months have brought a lot of disruption due to COVID-19, and hackers have been having a heyday.

The move to remote working and the pandemic confusion have brought what many are calling a “cyber pandemic” due to the drastic rise in data breaches, ransomware, and other cyberattacks.

The FBI reported that cyber attacks were up 400% during the midst of the pandemic. During the first half of 2020, 36 billion records were exposed due to data breaches.

While prevention is the goal through strong cybersecurity measures like managed IT support and employee awareness training, breaches can happen. How prepared a company is to take the proper actions after a breach occurs can make a big difference in how damaging the attack is.

The Cost of a Data Breach

The average cost of a data breach in the U.S. is 3.86 million. It costs an estimated $150 for each record of customer PII (personally identifiable information) breached.

In organizations with an incident response team that tests breach response plans regularly, the average cost of a breach can be reduced by $2 million. This shows how being prepared and knowing what to do ahead of time can significantly reduce costs.

Steps to Take When a Data Breach is Detected

Data breaches can happen at any time. You might walk into the office and find a ransomware note displayed on a computer and all the data unreadable. Or a laptop may be stolen that has access to your entire customer database.

When you’ve suffered a breach, time is of the essence, and the actions you take can dictate what you’ll still be paying in remediation a year from now (39% of breach costs are incurred over a year after the incident).

Here are the steps to take after your data security has been breached.

Secure Your Operations

Your first step will be to immediately identify how the breach happened and secure that vulnerability to keep another breach from occurring. Hackers often leave backdoors for themselves that allow them access to your system to steal data or use system resources whenever they like.

It’s important to bring in an IT professional to help your Los Angeles area business fix the cause of the breach as fast as possible.

Secure Your Data

If you had data breached through an unauthorized cloud account or remote login, you want to make sure that data is secured immediately. This could mean moving all data to another more secure database until the cause of the breach is discovered. You’ll also want to do a password reset on all accounts.

It’s a good idea to also move any associated databases, such as an employee database, that might be on the same server or in the same cloud platforms. Data breach penalties for HIPAA or other data privacy rule violations are typically charged per record, so the fewer records breached, the better.

Secure Physical Premises

A breach of a network can be stopped by going offline and cutting off remote access while data is being secured. In the case of a breach caused by a remote worker’s device, turning off their modem is the fastest way to cut off the hacker while the IT team can get there for an investigation of how the breach occurred.

36% of surveyed companies say they’ve had a breach due a lack of security from a remote team member.

In the case of a device that has access to your data being lost or stolen, remotely lock or wipe the device if possible. This is why it’s important to have endpoint management in place, it allows you to secure devices remotely.

Permanently Fix the Vulnerability & Do a Full Audit

Once you’ve secured the immediate breach, you want to put permanent measures in place to ensure the same type of breach doesn’t happen again, or any type of breach.

The best way to see where any other vulnerabilities might be is to have a full cybersecurity audit to identify weaknesses and offer recommendations to mitigate your risk.

Make Breach Notifications

Various data privacy security rules will have different breach notification requirements. For example, in the case of HIPAA, a breach has to be reported if it impacts 500+ individuals within 60 days.

Reporting not only has to be done to the data breach authority, it has to be done to those impacted by the breach. The sooner, the better so those impacted can take any steps necessary to protect against identity theft.

Some of the things to include in a public breach notification to those impacted are:

  • Details on when and how the breach occurred
  • Exactly what type of personal data was breached (email, credit card details, etc.)
  • What your company has done to remediate the breach
  • Steps you’ve taken to ensure another breach doesn’t occur
  • Any help you’re providing with free identity theft protection, etc.

Get a Free 21-Point Cyber Security Audit

Neuron Computers can help your San Fernando Valley area business put safeguards in place to prevent a costly data breach.

Contact us today to sign up for a free IT security audit. Call 1-833-4-NEURON or reach us online.