Equifax, Target and Yahoo each suffered a massive data security breach that made their customers vulnerable. While you may think you are safe because your customer data isn’t nearly as interesting as that of these giant corporations, nothing could be further from the truth. Hackers love small businesses because they tend to be easier to attack.
According to CNBC, hackers have already breached 14 million small businesses in the United States. If you are (or become) one of these businesses, here are five steps to immediately take in the wake of a data security breach.
1. Report the Hack
You may want to keep it quiet, but that’s considered illegal in most states. As Fortune points out, only Alabama, New Mexico and South Dakota do not have data breach laws. Your customers have a right to know that there has been a data security breach that affects them. Depending on your business and what information you hold, a hack might put clients at serious financial or security risk. If you don’t tell them, they are likely to find out eventually—and the results could be worse for you.
You may also have to report the breach to government officials, depending on your state laws. Double check with an attorney who specializes in this area. Regardless of your state laws, you should report the occurrence to the police. Maybe they will catch the hacker and maybe they won’t, but unless you file a police report, nothing will happen.
2. Reset Your Passwords
Yes, the horse is already out of the barn, but unlike horses, your data can be stolen and still remain in your possession. Therefore, it’s important to quickly reset passwords. While security experts used to recommend relatively short passwords with numbers, letters and symbols, it turns out that those are far easier to hack than longer phrases that are simple to remember. For example, “Ireallylovetoeatgreenapples” will take longer for a hacker to crack than “aPpl3s!”.
Additionally, check to make sure passwords are changed after employees leave the company. A disgruntled former employee is often a prime suspect in a data breach.
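The passphrase comparison in this section can be checked with a rough strength estimate. The Python sketch below is an added example, not part of the original article; it scores both passwords under blind brute force and under word-by-word guessing, and the tiny word list and the 10,000-word dictionary size are assumptions made for illustration.

```python
import math
import string

# Constructed mini word list; a real guessing wordlist is far larger.
WORDS = {"i", "really", "love", "to", "eat", "green", "apples"}
ASSUMED_WORDLIST_SIZE = 10_000  # assumption: guesses drawn from 10k common words
UNLEET = str.maketrans("013457@$", "oleastas")  # undo common substitutions

def charset_bits(pw):
    """Blind brute force: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def word_count(pw, words=WORDS):
    """Fewest dictionary words spelling the normalised password, else None."""
    s = "".join(c for c in pw.lower().translate(UNLEET) if c.isalpha())
    best = [0] + [None] * len(s)  # best[i]: fewest words covering s[:i]
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1] if s else None

def wordlist_bits(pw):
    """Word-by-word guessing; ignores case/leet/suffix variants (lower bound)."""
    n = word_count(pw)
    return None if n is None else n * math.log2(ASSUMED_WORDLIST_SIZE)

def effective_bits(pw):
    """An attacker picks the cheaper model, so take the minimum."""
    brute, words = charset_bits(pw), wordlist_bits(pw)
    return brute if words is None else min(brute, words)

if __name__ == "__main__":
    for pw in ("Ireallylovetoeatgreenapples", "aPpl3s!"):
        print(f"{pw!r}: brute force {charset_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

Under these assumptions the long phrase stays well ahead even when it is guessed word by word, while the short password collapses to a single dictionary word once its substitutions are undone.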
3. Rebuild Your Systems
Depending on the hack, you may need a few fixes or you may need a complete rebuild. If your systems were easily hacked, it may be time for completely new systems. It sounds expensive (and it can be), but remember that the most important thing for most businesses is their data.
4. Conduct “Penetration Testing”
Even if you have rebuilt with top-of-the-line, super secure systems, you can’t be assured that you are safe from future problems. You need to know what your weaknesses are and figure out how to fortify your systems.
Penetration testing is an exercise in which a “hacker” tries to get through your firewalls, virus protection and other safeguards. Hire a professional to do this for you. Uncovering potential problems and fixing them today can save your data tomorrow.
5. Stay Vigilant
You have to be constantly on the lookout. As your systems become more sophisticated, the hackers will also become more sophisticated. Your livelihood depends on securing your data, and their livelihood depends on hacking your data. It’s a constant war. Make sure your software is updated routinely and promptly. If you have an IT professional on staff, send them to regular training seminars so they are always up to speed on the latest developments. If you have an outside firm that handles your computer functions, ask them about their policies concerning training and continuous learning.
A data security breach can be devastating to your business, so take every step to repair the damage and prevent it from happening again.