Ask the Experts: What Should You Do If Your Business Data is Hacked?
The one call technology professionals never want to make is to the CEO telling them that sensitive customer or business data has been hacked. There is a feeling of betrayal anytime you or your business are a victim of theft, and there are a million details that need to be addressed. Before you can jump in and start working towards a resolution, it’s crucial that you understand the full impact of the loss so you can prevent additional infiltrations in the future. While you cannot prevent every cybersecurity incident, there are steps that you can take after an event that will help you protect your organization in the future.
We’ve Been Hacked. Now What?
Perhaps one of the most important steps you can take is to determine what went wrong. Did your technology team utilize the dread “Password123” password for a server? Are employees clicking on links that turn out to be malware that tunnels through your systems? Perhaps you have a user with a password on an unrelated account that was hacked, then used the same password and login for your corporate email — leaving your systems vulnerable to an attack. You notice that in many cases, the attack vector is actually a staff member who simply made a poor decision. Finding the culprit isn’t necessary for finger-pointing, but it will help you with the next step of your process: determining who (and what!) was impacted in the attack. According to Wil Buchanan, President/CEO of Philantech3 Cyber Security, “When a company is compromised and large amounts of customer data is sold illegally on the Internet, one of the biggest threats to the consumer, is the fact that most of us use the same password (or variations of the same password) for all of our online accounts”.
Determining the Scope of the Infiltration
If your IT team is proactive, you may have caught the hackers before they were able to do much more than pop into your systems — before they were able to dig deep and gain access to sensitive customer and business data. Even if customer information was stolen, you may discover that it was “only” email addresses that were found, not credit card numbers or other financial or health-related data. Determining the scope of the infiltration is an important step because this will form the basis of your communication with staff members, customers and other stakeholders. This also allows you to signify that some specific parts of your business are “safe”, or still need to be run through additional security checks to add layers of protection.
Anthony Buonaspina, CEO and Founder of LI Tech Advisors, learned this lesson the hard way: “A few years back I received a letter from an online security trading company that my data had been stolen as part of an attack. The letter reassured me that the data stolen was not sensitive. I then called the company and after a lengthy process of phone transfers I ended up speaking to a technical support person in charge of the data center that was hacked and when I pressed them for more details, I found out that more than just basic information was stolen and that very sensitive data was also taken. The letter from the company was not completely accurate in the amount and sensitivity of the data that was actually stolen”. Breaking trust in this way can quickly alienate customers and dramatically impact the reputation of your business for years to come.
Once the damage has been done, and the scope has been identified, your next step is to ensure that you’re communicating swiftly and accurately with key stakeholders. There are federal requirements for responding to a data breach that is published by the Federal Trade Commission. The FTC recommends commissioning a data forensics team and obtaining legal counsel to determine the full scope of your liability for the hack. When you consider the full scope of the requirements once your business is the victim of a cybersecurity incident, it makes the additional steps to boost your current security posture feel much easier to accomplish than waiting for a hack to happen.