Recent high-profile data breaches (think T-Mobile, First American Corporation, Marriott International, and Equinix) have made consumers more aware of the potential consequences of doing business with companies that don’t take cybersecurity seriously.
More and more consumers understand that data breaches put their own security at risk by exposing sensitive information, such as email addresses, phone numbers, credit card details, and more, to cybercriminals who don’t hesitate to use it for nefarious purposes.
A survey by PCI Pal revealed that 83 percent of consumers in the United States would stop doing business with a company for several months immediately after a security breach, and 21 percent would never return to that company.
Indeed, the impact data breaches have on organizations that experience them is always severe, but it can become downright devastating unless breached organizations take certain specific steps immediately after a data breach to regain lost trust. Let’s look at these steps more closely.
1. Address the Cause of the Data Breach
Before you do anything else, you need to take all affected systems offline and keep them isolated until you’re certain that the cause of the data breach has been addressed. Just like murderers in crime novels, cybercriminals like to return to the scene of the crime to see if the vulnerability that enabled the data breach is still present.
The last thing you want is to spend a lot of time and effort trying to regain trust after a data breach only for another data breach to occur, exposing even more sensitive customer information. It’s practically guaranteed that two data breach incidents in a row would result in irreparable reputational damage.
This is where having an effective incident response plan in place can be the difference between quickly putting out the fire and seeing it consume your entire IT infrastructure. In a nutshell, an incident response plan is a documented set of procedures whose purpose is to address security incidents as quickly and painlessly as possible. If nothing else, it should cover the most likely and most severe incidents so their impact can be minimized.
2. Follow Data Breach Notification Laws
In the United States, all 50 states have enacted data breach notification laws that clearly describe the responsibilities breached organizations have when it comes to notifying their customers and all other affected parties following a security incident. Not following data breach notification laws can result in severe financial penalties and make the organization seem ill-prepared.
Organizations that store data belonging to customers located outside the United States also have to follow data breach notification laws that are extra-territorial in scope, such as the General Data Protection Regulation (GDPR), which sets a maximum fine of €20 million (or 4 percent of annual global turnover) for non-compliance.
3. Communicate as Honestly and Openly as Possible
In 2017, it was revealed that Uber attempted to cover up a cyberattack it had experienced a year before. The cyberattack in question was no minor incident either. It exposed data of 57 million riders and drivers. It allegedly cost Uber $100,000 to convince its hackers not to publicize the breach to media or regulators.
If Uber had known that it would be fined $148 million for its data breach cover-up just two years later, the technology company might have chosen a different approach, such as honestly explaining the incident and facing the consequences head-on. Even though Uber recovered financially, its reputation is forever damaged.
For the same reasons, we recommend that all data breach victims always communicate as honestly and openly as possible. If you don’t know exactly how the breach happened, it’s okay to say so, but make sure to stress that you’re actively investigating the cause. It’s a good idea to have a public relations firm on standby so that you can promptly receive assistance when your own efforts to salvage your reputation through honest and open communication start to fail you.
4. Help Affected Customers Protect Themselves
Depending on what kind of customer information has been leaked, your customers may be at immediate risk of being hacked themselves. This is a great opportunity to show that you stand behind them and are willing to go above and beyond to help them minimize the consequences of the data breach incident that your insufficient cybersecurity caused.
To start with, give your customers enough information to know exactly what is going on. Do they need to change their email passwords? Should they worry about identity theft or spear phishing? These are just some of the questions you need to answer, so it may be worth opening a dedicated support line. It will show that you have your customers’ best interests at heart, not just your own.
5. Contact Your Cyber Insurance Provider
Hopefully, you have cybersecurity insurance coverage that protects your organization from the financial losses caused by a data breach. If so, then you need to contact your insurance provider as soon as possible to get them involved in the recovery process. Detailed contact information for your insurance carrier’s claims department should be included in your incident response plan.
In the event of a data breach incident, cyber insurance providers typically appoint a breach response manager whose job is to understand the nature of the incident. The manager also helps with the implementation of the response plan to minimize the impact of the data breach as much as possible.
Depending on your cyber insurance policy, your provider may also connect you with a public relations firm to help you control reputational damage, which is a major contributor to the indirect costs of a data breach.
6. Strengthen Your Cybersecurity Defenses
If you really want to regain and, more importantly, maintain trust after a data breach, then you need to strengthen your cybersecurity defenses so that a similar incident won’t happen again in the future.
We don’t mean just addressing the single exploited vulnerability that resulted in the most recent breach; we mean implementing additional policies and controls to make it more difficult for hackers to exploit any vulnerability they come across in the future.
Examples include multi-factor authentication, continuous monitoring, advanced endpoint protection and email filtering, endpoint encryption, DNS filtering, and others. Basically, your goal is to make sensitive data and the devices the data is stored on harder to access without proper authorization, both from inside and outside your business network.
We Can Help Regain Trust After a Data Breach
A provider of managed cybersecurity services, such as us at OSIbeyond, can help you strengthen your defenses so that your customers see you as a trustworthy business partner again. While we do what we do best, you can maintain complete focus on your customers and your business.
Schedule a meeting with us for more information.