How to Safely Navigate a Data Breach

Cybersecurity is important for companies of all sizes. Small companies are just as much at risk of security breaches as large companies. In fact, according to Symantec’s 2016 Internet Security Threat Report, small businesses have become a big target for phishers. With cyber-attacks becoming increasingly common, it’s important to develop a data breach response plan to help protect your business.

Types of Cyber-Attacks

Regardless of how safe your business feels its systems are, it’s good to be aware of the different types of cyber-attacks that your business could face and how to report a data breach should it happen to you. There are many kinds of security breaches, and here are a few:

  1. Malware: Malware is defined as code with malicious intent that typically steals data or destroys something on the computer. It’s often introduced to a system through email attachments, software downloads, or operating system vulnerabilities. Avoid malware by not clicking on links or attachments from unknown senders.

  2. Phishing: Much of the time phishing is a request for data via email from a trusted third party. Often phishing emails will ask users to click on a link or enter personal data. If you receive a request from a trusted third party, verify with them before providing any personal information.

  3. Password Attacks: A password attack is when a third party gains access to your systems by figuring out a user’s password. The best way to prevent this type of attack is to ensure that your passwords are strong by using a combination of upper and lowercase letters, symbols, and numbers.

  4. Rogue Software: Rogue software is malware that disguises itself as legitimate and necessary security software that you need to download in order to keep your system safe. Often these attackers make pop-up windows and other alerts look legitimate so you’ll download the software. The best way to protect yourself from this type of attack is to ensure your firewall is updated. 

Has Your Company Data Been Compromised?

According to Verizon’s 2016 Data Breach Investigations Report, in over 80 percent of cases, victims didn’t find the data breach for weeks or more. It may only take hackers a minute or two to hack into your systems, but it can often be weeks before a company discovers it has been hacked. It’s crucial that business owners stay on their toes and keep a close eye out for any suspicious activity on their network. You might begin noticing that your system activity logs stop matching up, that an employee receives an email attachment that appears to come from a colleague who never sent it, or that there are unauthorized downloads. If you notice any of these signs or other strange activity, your data may be compromised, and it’s important to act quickly.

Create a Data Breach Response Plan

Although you might be confident in your business’ efforts towards preventing a data breach, it’s still a good idea to have a response plan in place in case your systems are compromised. A plan can be a tremendous help in the event of a data breach and help you minimize any additional losses or breaches. According to the Federal Trade Commission, you should plan to take the following steps after a data breach:

  • Secure Your Operations and Fix Vulnerabilities: Avoid any additional data breaches by quickly securing your systems and fixing vulnerabilities that caused the breach.
  • Notify Appropriate Parties: Once you’ve secured your systems and fixed any vulnerabilities, you’ll need to begin thinking about how to notify affected businesses and individuals as well as law enforcement. It’s important to report the data breach as soon as possible.

Informing Your Customers of a Data Breach

Delivering bad news to your customers is tough and you don’t want to make it worse by sending your customers a confusing or overly technical letter that might unnecessarily alarm them. In a majority of states, companies that have suffered a data breach are required to send letters to all affected parties whose personal information has been compromised. However, these letters don’t need to cause panic. Your goal should be to inform, educate and reassure your customers. Here are a few tips to follow:

  • Give the details: Your customers deserve to know this information and giving these details lets them know that your promise to clean up the mess is reliable.
  • Soften your tone: Softening the language in your letter while keeping it straightforward and concise will go a long way in customer reassurance. You want your customers to know that you’re going to take care of them and their data.
  • Check for readability: Use bullets and boldface topic headlines to help keep your communication short and clear. Make it easy for your customers to spot the important stuff.

Protect Your Business from Potential Data Breaches

Ensuring that your business, employees and customers are protected from thieves is important to the success of your business and everyone's livelihood. Social Security numbers, birth dates, driver's license numbers, credit card information and public health information are just some of the valuable data customers entrust businesses with. Data breach insurance reimburses the costs of investigating the cause of a breach, helps you notify affected individuals and can help provide public relations services to help offset damage to your brand. The end result is peace of mind for you, your customers and your employees. Learn more about how Farm Bureau Financial Services can protect your business.


Sources:

https://www.symantec.com/content/dam/symantec/docs/infographics/istr-attackers-strike-large-business-en.pdf

http://quickbooks.intuit.com/r/technology-and-security/8-types-of-cyber-attacks-your-business-needs-to-avoid/

https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business

http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
