Have You Been Hacked? How to Recover From a Data Breach

What is a data breach?

A data breach is any incident of an unauthorized person bypassing cybersecurity measures to view or steal confidential information. A data breach could take many forms, ranging from unintentional access to protected information to the deliberate penetration of a database to copy or steal corporate secrets. Sometimes, cybercriminals even try to corrupt an entire system.

What is the impact of a data breach?

A data breach can cost a small business around $38,000, according to a study by Kaspersky Labs. That cost can be exponentially larger for bigger enterprises. A report by IBM estimates the average cost at around $8 million, and the breach can devastate business operations, customer security, and even your workforce, depending on the type of attack.

You should keep your software up to date and compliant with corporate security policies, because the potential damages are catastrophic. Any one aspect of a data breach could put an entire organization out of business.

How to identify a data breach

You can’t start recovering from a breach unless you know it’s occurred, so it’s critical to learn how to identify when something has gone wrong. In many cases, though, there aren’t any telltale signs that you’ve been hacked.

“Often, businesses discover that they have been breached for the first time months after it happened, when they are informed by law enforcement, business partners, banks, or the media, who themselves discover the businesses’ data being sold on the black market,” said David Zetoony, a partner with international law firm Bryan Cave. “Other businesses may have been breached months or even years ago and still do not know.”

However, a few things may still tip you off to a security problem. Francoise Gilbert, founder of the IT Law Group, said that slow or lagging computer response time, pop-up windows that you can’t close, client reports of spam emails from your account, or strange programs or websites asking for your credentials could all be signs of a data breach. If malware or a virus is discovered on your system, you’ll also want to investigate to see if any data was compromised.

What to do when a breach occurs

By the time you discover a breach, the hacker has likely already stolen or misused the information and erased their trail. Therefore, your first priority after discovering a breach should be to piece together what happened, how bad the breach was, and which customers might have been impacted, Zetoony said.

• Retain a specialist. A forensic expert can find, preserve, and analyze electronic equipment and data to assess precisely what happened and prevent repeat breaches.

• Contact your legal department. A lawyer specializing in data security breaches typically advises an organization to notify consumers, the public, insurance providers or regulators.

• Stop using any infected equipment. When you discover a breach, you should immediately stop using any device that has been compromised and physically disconnect any internet connections. This will not only help preserve evidence for an investigation, but also prevent further breaches in the short term.

• Back up critical data. Once your machine is disconnected from the internet, you can create redundancy of critical information like access and activity logs, customer lists, payment information, and trade secrets.

What is cyber insurance?

Cyber insurance is a type of business insurance that helps you recover from cybercrimes like extortion, fraud and data breaches by reimbursing you for expenses due to a data breach, while offering a barrier against liability to customers or clients. It’s kind of like car insurance: Your auto insurance provider covers damages caused by a road incident and any third parties involved.

When considering cyber insurance providers, ask them how they’ll help you mitigate your business’s risk of cyberattacks. Insurance providers can often provide guidance and training to reduce your company’s risk, like teaching you and your team how to avoid phishing scams and detect a breach so you can take quick action to minimize the impact. Several measures are available to businesses, including virus protection and firewalls, to keep criminals out.

Informing affected parties

Once you’ve assessed the initial damage and potential cause, your next order of business is to break the news to your business partners, vendors, customers and any other stakeholders.

“Besides the technological aspect, one of the most important ways to recover a company’s reputation and relationship with its customers and clients is to ensure these parties are properly notified and taken care of,” Bruemmer said. “Companies should send clear and concise notification letters that help affected parties know what to do and how to protect themselves from identity theft. The breached company should always offer a remedy, such as an identity theft protection product so they receive free monitoring and access to their credit report as well as assistance with resolving fraud.”

Nicholas Gaffney, a lawyer and founder of legal media relations firm Zumado, said it’s important to have a response team in place that will work quickly to preserve and enhance the reputation of your organization after a data breach. This means having a team member serve as the point person for official responses to inquiries about the breach, as well as being transparent and consistent in all communications about it.

How to prevent future breaches

It’s a long road to recovery after your company suffers a data breach, but once you have the situation under control, you can learn from it and work to prevent another incident.

1. Provide cybersecurity training for your staff.

Gilbert said that a highly trained and vigilant staff is the key to minimizing the risk and damages of future breaches. Your employees should take extra care when using company equipment and learn to recognize clues that could indicate compromised information. [Do you have remote workers? Make sure they know these cybersecurity tips for working from home.]

2. Regularly audit connected devices.

Conduct a periodic sweep of all your personnel’s equipment to catch any malware and security holes. This basic practice is almost like regular maintenance for your equipment. Making sure there are no obvious vulnerabilities on a regular basis helps keep breaches from happening in the first place. This is especially important for organizations with a bring-your-own-device policy.

3. Use a VPN.

The best virtual private networks (VPNs) can prevent a targeted attack from occurring in the first place. Setting up a VPN creates a private connection to the internet, acting as a tunnel to prevent anyone outside the network from seeing who you are, what you’re doing and where you’re located.

Zetoony reminds businesses that, given enough time, a data security incident is as inevitable as any other type of crime, but you can learn from it to handle it better going forward.

“If you view each breach as a learning exercise, you won’t be able to stop them necessarily, but you can learn how to respond to them more efficiently, quickly, and with less impact to your business and your customers.”

Eduardo Vasconcellos and Nicole Fallon contributed to the writing and reporting in this article. Source interviews were conducted for a previous version of this article.