So You’ve Been Hacked — Now What?

Recovering Business After a Data Breach
Hacking is a major problem for businesses on the web. Even if you own a brick and mortar store, you can still be susceptible to a data breach. No one is immune to this growing problem, including some of the biggest companies in the world. The news has covered many breaking stories about major data breaches which impacted companies like AOL, eBay, JP Morgan Chase, Home Depot, Adobe, Gap Inc. – even the U.S. military! What will you do if you find your business added to this ever-growing list?
Have a Customer Notification Policy Ready
If you don’t have a customer notification policy in place, now is the time to make one. Most states and the District of Columbia all require businesses to notify customers when their personal data is compromised. Know the requirements in your state so you can make sure your policy is in accordance with local laws. This will apply, even if your customers do not reside in the same state or region.
Validate the Authenticity of the Breach
As the old saying goes, “If it looks like a duck, swims like a duck, and quacks like a duck, then it’s probably a duck.”  Alas, that same concept doesn’t always apply to data breaches because sometimes a situation that looks like a breach may not actually be one. Determine whether sensitive data was disclosed and where it went before handling the situation as identity / data theft.
Assign a Top-Level Manager to Handle Breach Recovery
Assign a senior-level individual to handle data breach recovery. This person should be at a director-level position or equivalent. They will be responsible for coordinating the recovery process across all affected departments / units. This will be the go-to person for information and updates so the recovery process is as smooth and streamlined as possible.
Create an Incident Response Team to Cover All Bases
Your incident response team should be made up of all the individuals needed to handle all areas within the recovery plan. The team should include someone from management, IT, PR, HR, legal, finance, risk management, and someone assigned by your chosen senior-level manager to serve as incident manager.
Determine the Extent of the Breach & Notify Authorities if Necessary
Know the extent of the breach so you know who should be notified. If you suspect criminal activity, notify law enforcement immediately as well as any applicable local, state, or federal organizations. You should also determine what devices or machines were impacted and preserve evidence as much as you can. Evidence preservation should include hardware, images, video footage, backup files, electronic logs, records, and anything else relevant to the breach.
Review Your Systems to Identify Weak Points
Once the current data breach has been stopped and is under control, your focus should turn to making sure it doesn’t happen again. It’s difficult to regain consumer trust after one breach, but a second or third is sure to damage your business. Review your current system for weak points and determine what needs and/or could be improved. Make the necessary changes to ensure solid post-breach security.
Instruct Employees in the Art of Identifying a Data Breach
Make sure your employees understand how to identify a data breach. Early detection is a good way to limit the damage and fallout associated with a breach. Employees should understand what a data breach is, how it can negatively impact the business, and what to look for in their day-to-day job for early identification.
Continue Monitoring for Future Data Breaches
Even after making improvements to your current system, your company should actively monitor the potential for future breaches. This includes regular evaluation of your systems and practices and keeping track of hacker activity. Pay attention to news stories and other resources that cover / discuss data breaches. This will give you some perspective on how the activity has evolved and the best way to protect your assets even as hackers get better at what they do.