You’ve heeded the warning set out in our first article in our cybersecurity for small business series. You’ve followed the recommendations and created a prevention plan, set out in our second article, “It’s Time for Your Small Business to Create a Prevention Plan.” Even after a great deal of effort is put into prevention of data breaches, sometimes no amount of planning can safeguard from a security breach. No one is completely infallible to a breach with the constant evolution of technology available to hackers with malicious intent. However, it is important to consider and make an actionable plan for after a breach has occurred—when your data loss prevention plan has failed.

The third article in our cybersecurity for small businesses series will jump forward to take a look at the best action plans to consider when a data breach has occurred. Of course, there is no way to ensure with complete certainty that you will not suffer a breach. Losing control over sensitive data can be a business owner’s worst nightmare. But, as discussed in the first two articles in the series, data breaches can have a particularly devastating impact on smaller and emerging companies. In the 2017 State of Cybersecurity in Small Businesses report, Keeper found that 54% gave a resonant “yes” in response to a statement declaring that a data breach had been experienced in the past 12 months—an increase of 4% from the previous year. Cyber attacks similarly showed an increase in the 2017 report, rising from 55% to 61%.

The first step to incorporating a response plan into the culture of your small business should be to determine your risks. The first two articles in our series will help you realize your risk and help you to begin to create a prevention plan, but actually taking the steps of determining your unique risk will give you a clearer view of exactly how much money and effort should go into your response strategy. For example, a glance at the IBM X-Force Threat Intelligence Index 2018 would show that the financial services industry experienced the largest number of security incidents last year.

For small business owners, it can be more difficult to recognize a breach. Without a fully staffed IT team on site, it’s impossible to act as an expert in cybersecurity. Don’t worry—you don’t have to be. However, as a small business owner, it is important to gain some knowledge of the basic warning signs.

Basic Data Breach Warning Signs
  • Is your internet slow? Devices behaving strangely? This could be malware.
  • Unable to sign in to your user accounts with valid credentials? This could be a sign of tampering.
  • Attention drawn to an abnormal amount of outbound traffic? It’s possible a data transfer is in the works.

Taking Action When a Breach has Occurred

If you do suspect that you are experiencing a breach, first of all, avoid the impulse to panic. It’s important not to turn off your main server because it may need to be analyzed by a security professional. It would be a good idea instead to switch over to your backup server temporarily to continue business operations while you are assessing the issue.

You may become sure that you are experiencing a breach or are at least certain that you are having an issue that you need to bring in IT help. Whether it’s an on-site team or cybersecurity experts you choose to partner with to help you mitigate the damage, we’ve outlined some helpful action steps below to take immediately after a breach:

Action 1: Transparent Communication

The first step to take when tackling a breach after it’s already happened is immediate communication. Many states in the US have enacted some sort of mandatory breach notification law. This will dictate when, what, and how you are expected to communicate with your customers in the case of a breach. It’s important to understand those particular laws that pertain to your small business. When you are aware of your responsibilities with the state laws, from there involve any internal players that can help with a swift resolution. This might include employees, tech specialists, PR and communications teams, client service managers, etc. Communication in the case of a breach also extends to anyone externally that should know immediately about the incident, including clients and media when necessary.

When considering guidelines for this type of sensitive communication, you should include an approach that is open and transparent, accepting responsibility where necessary. Also, include relevant details regarding the incident and any information surrounding the situation that may have contributed to the incident. Along with detailing the incident, it’s a good idea to mitigate as best as you can with conclusions regarding the incident as well as offer effective solutions for any party that was affected by the breach.

Action 2: Utilize Data Breach Insurance and Legal Support

As a small business, if you have your data compromised without data breach insurance in place, it’s much more likely that your reputation will be severely damaged and the financial strain of the attack could be enough to close your doors. Cyber breach insurance provides protection and support in the case your small business becomes a victim of a data breach.

In the case that it is necessary, you might want to consider attaining the right legal support to help mitigate the damage to your small business. It is wise to consider a legal support team in advance in case of an incident so you are ready to take immediate action should the incident require it. Considering you have done your homework and understand your responsibilities to the state laws, legal support will offer the additional advice to rectify the situation. Ethical obligation to customers could very well exceed the letter of the law.

Action 3: Act on Your Discoveries

A majority of breaches in small and emerging businesses can be traced back to the improper application of technology. It becomes essential, then, to do everything in your power to remedy failure and put into place policies to ensure information is as safe as possible. For example, imposing a strict data encryption requirement for all of your systems and only allowing employees to access stored sensitive data through a VPN connection. A combination of intelligent technology tools and updated policy and training procedures are a great way to hold employees responsible and ingrain the severity of violating data security policies.

Suffering a breach will no doubt illuminate additional ways to improve your company’s use of information technology which is essential, considering the fast pace of cyber threats, both internally and externally. An outside analysis will likely be necessary to update your action plan and prepare for the future. Cybersecurity experts can provide objective results that could offer answers that lay outside of your expertise, furthering your security and safeguarding your data against future incidents.

Action 4: Follow-up with Your Customers along the Way

Now that you have planned your recovery after a breach, including reaching out to experts, and are now on your way back to business as usual with detailed technology solutions, don’t forget about what makes your business run—your loyal customers! While you may think your work is done after an arduous process of reacting and protecting your business operations from further damage, it’s important to include your clientele as part of the action plan to recovery. Reach out to your customers to affirm your commitment to heightened security, reporting the news of new security procedures that will take you on to a successful future. Don’t worry about including every technical detail of your new security protocols, but it will be reassuring to your customer base to know that you’ve invested in more advanced protection in whatever form you decide. This may not succeed in keeping every single customer, but it will boost your remaining clients’ confidence and many loyal persons and businesses will appreciate your conscientious efforts to keep them in the loop and remain transparent. Our customers are a big part of recovering fully from a breach, continue giving them the excellent customer support they deserve!