You Just Discovered a Cyber Attack! What Now?

Your data has been breached! Your heart races. You’re angry and confused. What do you do?

In our last post on cybersecurity, we offered suggestions on how to avoid just such a scenario. But even if you have installed at least some of these preventive measures, cyber criminals are very sophisticated.

So if they get through to your data, what steps should you take if your information has been exposed? We consulted the Federal Trade Commission (FTC) website for advice. What follows is a quick summary. We suggest you go to the site for more in depth recommendations.

3 Steps You Should Take After a Cyber Attack on Your Business

The first step is to secure your operations. Secure your systems and fix whatever vulnerabilities might have caused the breach. Remember it’s possible that there have been multiple data breaches.

Do everything you can to prevent additional data loss. If you have an I.T. team, mobilize it right away. The steps you take depend on your business and the kind of breach you’ve suffered. But do the best you can to assemble a team of experts to determine the source and magnitude of the breach. This may include legal counsel with privacy and data security expertise.

Finally, don’t destroy any forensic evidence as you investigate and fix the problem that caused the attack.

Second, fix vulnerabilities by thinking of service providers with access, checking your network segmentation and working with your forensics experts. Put a plan together on how you will communicate the breach to all of the affected audiences.

That includes your customers. Good communication up front can limit the concerns and frustrations customers may have. This could save you time and money as the breach plays itself out.

Third, notify all of the appropriate parties, including law enforcement, other affected businesses, and affected individuals.

And note the legal requirements in the NYS Information Security Breach and Notification Act. From the New York State Office of Technology Services, “State entities and persons or businesses conducting business who own or license computerized data which includes private information must disclose any breach of the data to New York residents whose private information was exposed.”

There are also federal laws that you must comply with. For example, the Health Breach Notification Rule may apply if personal health records are involved.

Cyber Crime is VERY Costly to Businesses Both in Time and Money

There is much more to each of these actions than we’ve mentioned here. As you can see, rectifying a data breach can be an arduous task. One that takes you away from what you do best, serving your customers.

So next week we’ll offer a solution and talk about cyber insurance. Managing the risk with the help of experts from one of our cyber insurance special carriers can make a breach much easier to deal with. We’ll tell you how with information on the cyber insurance policies we offer.

Until next time,

Your SZW Team

SZW Insurance is your Utica area Trusted Choice™ independent insurance agent. Call us for a quote on insurance for your home, car, business, or life at 315.792.0000. Or request a quote here.