Learn how to assess the impact and survive after your network is compromised.
All businesses, including small ones, face a risk of cybercrime. This constant state of vulnerability is terrifying, but the reality of a security breach is even worse. Handling the aftermath of a data breach — including dealing with the costs, reputational damage and legal consequences — can be overwhelming, and some businesses don’t survive.
However, preparing for an attack and outlining a data breach recovery plan can help your business mitigate the damage and survive the onslaught. We’ll explain more about data breaches and share tips for assessing the impact and recovering with your reputation and customer base intact.
A data breach is an incident in which an unauthorized party bypasses a business’s cybersecurity measures to view or steal confidential information. Data breaches can take many forms, ranging from unintentional access to protected information to the deliberate penetration of a database to copy or steal corporate secrets or intellectual property. Cybercriminals may even try to corrupt an entire system.
While you may not be able to prevent cyberattacks entirely, proper preparation can help you mitigate the damage of a data breach and resume normal operations.
Unfortunately, many businesses don’t realize they’ve been attacked until months later, if not longer.
“Often, businesses discover that they have been breached for the first time months after it happened when they are informed by law enforcement, business partners, banks or the media, who themselves discover the businesses’ data being sold on the black market,” said David Zetoony, co-chair of the U.S. data privacy and cybersecurity practice at law firm Greenberg Traurig. “Other businesses may have been breached months or even years ago and still do not know.”
You can’t start recovering from a breach unless you know you’ve been hacked. Keep an eye out for these signs of a security problem or a computer infected with malware:
Recovery from a data breach will look different for every business, depending on the attack and its consequences. However, every organization’s first step will be to piece together exactly what happened and determine the extent of the attack and which customers were affected.
Three resources will be essential to handling the crisis and starting your business’s recovery: a response team of data breach specialists, legal counsel, and a communications team. You must contact or activate these parties immediately so they can guide you through the vital next steps.
You may have a robust internal IT team or IT manager who’s ready to step in to handle the data breach and its aftermath, or you may need to seek outside help. Consider hiring a forensic expert, who can find, preserve and analyze electronic equipment and data to assess precisely what happened and prevent future network threats and vulnerabilities.
Aside from analyzing the breach’s cause, a data breach specialist will ensure you take these essential steps:
If you don’t have an internal legal department, seek out a lawyer who specializes in data security breaches to help you handle all of the legalities involved. For example, your legal counsel can guide you through the process of notifying consumers, the public, insurance providers, business partners, vendors, regulators and any other stakeholders.
“Besides the technological aspect, one of the most important ways to recover a company’s reputation and relationship with its customers and clients is to ensure these parties are properly notified and taken care of,” said Michael Bruemmer, head of global data breach resolution at Experian. “Companies should send clear and concise notification letters that help affected parties know what to do and how to protect themselves from identity theft.”
Your legal counsel will advise you on what you must provide to affected parties. “The breached company should always offer a remedy, such as an identity theft protection product so they receive free monitoring and access to their credit report as well as assistance with resolving fraud,” Bruemmer noted.
Your business may have internal public relations and legal resources you can tap to handle your crisis communications. However, many businesses must patch together a crisis response team with outside help to communicate with customers, the media, stakeholders and more. In any case, a cohesive communications strategy is crucial to withstanding the storm and moving forward.
Nicholas Gaffney, a lawyer and founder of legal media relations firm Zumado, said a response team should be activated immediately to work quickly to preserve and enhance your business’s reputation. A team member or hired representative should serve as the point person for official responses to inquiries about the breach. All communications must be transparent and consistent.
Cyberattacks cost small businesses dearly. In fact, according to an IBM study, the global average cost of a data breach stemming from a cyberattack is $4.45 million. Businesses can suffer devastating financial repercussions, reputational damage and legal consequences.
Whether you’ve survived a data breach and want to ensure it doesn’t happen again or you’re being proactive, take these steps to prepare for and mitigate future breaches:
A highly trained and vigilant staff is vital to minimize the risk and damages of future breaches. Your employees should take extra care when using company equipment and learn to recognize signs of compromised information. If team members telecommute, enact remote cybersecurity measures, like multifactor authentication and secure network access.
Conduct a periodic sweep of your staff’s equipment to catch malware and security holes. If your office has a BYOD policy, you should enact extra security measures, such as installing antivirus software, using firewalls and limiting access.
Auditing connected devices is similar to performing periodic equipment maintenance. Regularly checking for obvious vulnerabilities helps prevent breaches by securing your devices from hackers.
A virtual private network (VPN) can prevent a targeted attack on your systems. Installing a VPN connection creates a private path to the internet. It acts as a tunnel to prevent anyone outside the network from seeing who you are, what you’re doing and where you’re located.
Cyber insurance is a type of business insurance that helps you recover from cybercrimes such as extortion, fraud and data breaches. These policies can reimburse you for data breach expenses while offering a barrier against liability to customers or clients.
When you’re considering cyber insurance providers, ask them how they’ll help you lessen your business’s risk of cyberattacks. Insurance providers can often provide guidance and training to reduce your company’s risk.
Antivirus software isn’t fail-safe, but it can help protect businesses from malware, ransomware and other malicious attacks that can lead to a data breach. If your business is budget-conscious, several reputable free antivirus solutions can help protect your systems. Firewalls and intrusion-detection systems are also advised.
To avoid vulnerabilities, it’s crucial to keep all antivirus and other business software platforms updated and compliant with corporate security policies.
Adding a data breach response plan to your corporate policies — and practicing it regularly — can help you detect attacks sooner and lessen the damage. Like any business disaster plan, a data breach response plan can help you get back to work faster. Appoint team members to handle IT functions, legal issues, PR responses and customer communications so you can spring into action at the first sign of an attack.
“Since it is really more of a question of when than if, when it comes to data breaches, we always recommend having a detailed and thorough data breach response plan in place,” Bruemmer said. “And not only should that plan be created, but it needs to be practiced and updated on a regular basis to ensure it accounts for the latest threats, including attacks like ransomware.”
Data breaches can be scary, but businesses can take steps to make them less likely and reduce the damage if one occurs. It’s similar to preparing your business for any other kind of emergency or disaster.
Zetoony reminded businesses that although most companies will experience a data security incident at some point or another, they can learn from these experiences.
“If you view each breach as a learning exercise, you won’t be able to stop them necessarily, but you can learn how to respond to them more efficiently, quickly and with less impact to your business and your customers,” Zetoony noted.
Steven Melendez contributed to this article. Source interviews were conducted for a previous version of this article.