What to Do After a Data Breach?
Tips from Your Professional Paper Shredding Company
Security attacks, phishing campaigns and system hacks are the kind of threats that can strike fear into individuals as well as businesses of any size. Breaches can be intentional or unintentional. A lost phone or laptop is a potential exposure, but the damage can be limited quickly if the device was encrypted and can be wiped remotely, and the data itself is easily recovered if it has been backed up regularly. When the breach is intentional, however, the consequences can be far-reaching, and both damage limitation and information recovery are more complex.
The 2017 edition of the annual Cost of Data Breach study conducted by the Ponemon Institute put the average cost of a data breach in the US at $225 per compromised record. Whatever the statistics say, if you are the victim of a data breach, do not panic. However sensitive the compromised information, there are immediate steps you can take to limit the damage and minimize the threat to yourself or your business.
Top 5 Things to Do to Tackle Potential Risks after a Data Breach
- Assess the Damage: Once you realize that you or your business is the victim of a data breach, the first step is to determine its extent: which systems were accessed, which records were taken, and which fields those records contain. Customer names and addresses qualify as sensitive information; dates of birth, financial details, passwords and social security numbers are highly sensitive. For passwords, find out whether they were stored in plain text or as salted hashes, since that changes what an attacker can do with them. Knowing the extent of the exposure determines the next course of action.
- Notify Concerned Stakeholders: In most cases you are bound by federal or state laws that dictate how, when and whom you must notify when a hack or breach occurs. Review your legal and ethical obligations, and as soon as you know the nature and extent of the breach, notify your customers as well as key personnel. At the same time, contain the breach: isolate the affected websites, devices or servers from the network rather than simply powering them off, so that the logs and memory needed to trace the attack are preserved; copy the system audit logs before changing anything, because they are evidence; reset the passwords, API keys and active sessions the attacker may have obtained; and review those logs to establish when, and from where, the intrusion began.
- Inform Relevant Authorities and Financial Institutions: Depending on the nature of the compromised information, inform the relevant banks, credit card companies or other financial institutions. Ask one of the three major credit reporting bureaus (Equifax, Experian or TransUnion) to place a fraud alert on the affected individuals' credit files; the bureau you contact is required to pass the alert on to the other two. If you or your customers are at risk of identity theft, a credit freeze and credit monitoring help prevent new accounts from being opened in their names. Report the fraud or hack to your local law enforcement agency, and to the IRS if social security numbers are part of the breach.
- Determine the How and What, and Design Preventive Measures: Even with the utmost precautions, some breaches cannot be prevented. It is still important to conduct a post-mortem and establish how the incident occurred: human error or negligence, a technical failure or misconfiguration, or deliberate action by a disgruntled insider. Based on the findings, put timely measures in place that close the specific gap and prevent a repeat.
- Maintain Continuous Communication: In addition to informing your customers about the original breach, keep a communication channel open. Tell them what your assessment of the incident found, what corrective measures you have taken to contain the damage, and what preventive measures you have put in place for the future. After a breach, 100% customer retention may be a challenge, but showing how you are handling the threat helps rebuild their trust and confidence in your business.
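The two technical parts of the procedure above, sizing the exposure by sensitivity tier (step 1) and reading audit logs for the first trace of the intrusion (step 2), can be scripted. The following Python is an added example, not code from the original article or from TITAN Mobile Shredding; the record field names, the sshd-style log line format, the failure threshold and all sample data are constructed assumptions.

```python
"""Breach triage helpers: size the exposure by sensitivity tier and find
the first trace of the intrusion in audit logs.

Added example, not code from the original article. Field names, the log
line format, the failure threshold and all sample data are constructed
assumptions for illustration."""
import re
from collections import Counter

# Field tiers as described in the article: names and addresses are sensitive;
# SSNs, dates of birth, card numbers and passwords are highly sensitive and
# trigger per-individual notification and fraud alerts.
SENSITIVE = ("name", "address", "email")
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
# bcrypt / argon2 password hashes carry a "$2b$" or "$argon2id$" style prefix;
# anything else is treated as plaintext, which is far worse for the victim.
HASH_PREFIX_RE = re.compile(r"^\$(2[aby]|argon2(id|i|d))\$")
# Constructed sshd-style audit log format (assumption, not any specific product).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to avoid counting dummy numbers as real card exposure."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_exposure(records):
    """Return (per-field exposure counts, number of records needing individual notice).

    A record needs individual notice if it contains at least one validated
    highly sensitive item; plaintext passwords are counted apart from hashed ones.
    """
    tally = Counter()
    must_notify = 0
    for rec in records:
        for field in SENSITIVE:
            if rec.get(field):
                tally[field] += 1
        hits = set()
        if SSN_RE.match(rec.get("ssn") or ""):
            hits.add("ssn")
        if rec.get("dob"):
            hits.add("dob")
        card = re.sub(r"\D", "", rec.get("card_number") or "")
        if 13 <= len(card) <= 19 and luhn_ok(card):
            hits.add("card_number")
        pw = rec.get("password") or ""
        if pw:
            hits.add("password_hashed" if HASH_PREFIX_RE.match(pw) else "password_plaintext")
        tally.update(hits)
        must_notify += bool(hits)
    return dict(tally), must_notify


def trace_origin(log_lines, fail_threshold=5):
    """Flag source IPs whose successful login followed a burst of failures.

    The earliest failure marks the start of the incident window and the first
    success the moment of compromise; together they bound the log review and
    the credential reset described in the article.
    """
    failures, first_fail, findings, flagged = Counter(), {}, [], set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated log line
        ip, ts = m["ip"], m["ts"]
        if m["result"] == "Failed":
            failures[ip] += 1
            first_fail.setdefault(ip, ts)
        elif failures[ip] >= fail_threshold and ip not in flagged:
            flagged.add(ip)
            findings.append({"ip": ip, "user": m["user"], "window_start": first_fail[ip],
                             "compromised_at": ts, "failures": failures[ip]})
    return findings


# Constructed sample data: a dump of the compromised customer table ...
RECORDS = [
    {"name": "A. Doe", "email": "a@example.com", "ssn": "123-45-6789", "dob": "1980-01-02",
     "card_number": "4111 1111 1111 1111", "password": "$2b$12$abcdefghijklmnopqrstuv"},
    {"name": "B. Roe", "email": "b@example.com", "ssn": "", "dob": "",
     "card_number": "1234 5678 9012 3456", "password": "hunter2"},  # fails Luhn; plaintext password
    {"name": "C. Poe", "email": "c@example.com"},                     # sensitive fields only
]
# ... and the host's authentication log around the time of the breach.
LOG_LINES = (
    [f"2024-03-02T01:12:{3 + i:02d}Z sshd: Failed password for admin from 203.0.113.7 port {51011 + i}"
     for i in range(6)]
    + ["2024-03-02T01:12:40Z sshd: Accepted password for admin from 203.0.113.7 port 51020",
       "2024-03-02T07:58:10Z sshd: Failed password for deploy from 192.0.2.9 port 40001",
       "2024-03-02T07:58:21Z sshd: Accepted publickey for deploy from 192.0.2.9 port 40002",
       "2024-03-02T09:00:00Z cron: (root) CMD (run-parts /etc/cron.hourly)"]
)

if __name__ == "__main__":
    counts, notify = classify_exposure(RECORDS)
    print("exposure by field:", counts)
    print("records needing individual notification:", notify)
    for f in trace_origin(LOG_LINES):
        print(f"attacker {f['ip']} took '{f['user']}' at {f['compromised_at']} "
              f"after {f['failures']} failures starting {f['window_start']}")
```

On the sample data the script reports two of the three records as needing individual notification (one for a valid SSN, date of birth and card number, one for a plaintext password) and flags 203.0.113.7 as the source, with the incident window opening at the first failed attempt. The one legitimate typo by `deploy` stays below the threshold, which is the point of counting failures rather than alerting on every login.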
As a best practice, every business should implement formal policies for clean desks, document management and information security. These policies define how confidential information is stored, maintained and eventually destroyed, and protect you and your business from potential fraud. For systematic, professional disposal of documents and digital media, rely on TITAN Mobile Shredding, an NAID AAA Certified company. We offer on-site and off-site services including annual bulk purges, routine on-site shredding and hard drive destruction.
For all paper and digital media shredding needs, speak to the data destruction professionals at TITAN Mobile Shredding. Call us at (866) 848-2699 or contact us online.