You’ve Been Breached, Now What?

by | Cybersecurity

Cyber attacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. As much as 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves.  So you’ve been breached, now what?  Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, avoiding catastrophic losses means you need to act quickly and thoroughly.

  1. Stop the Bleed. You will need to move quickly to secure your systems and fix vulnerabilities that may have caused the breach. Deploy your response team who will help determine the source and scope of the breach, collect forensic evidence, and outline remediation steps. Check your network segmentation to analyze whether the breach was contained to a single server.  Update all user passwords. Take all affected equipment offline immediately (do not turn them off).
  2. Gauge your legal exposure. Identify the types of information compromised and consult with legal experts who can advise on federal and state laws that may be implicated by a breach. If you’re covered by the Health Breach Notification Rule, you must notify the FTC, and in some cases, the media. If you’re covered by HIPAA Breach Notification Rule, you must notify the Secretary of the U.S. Department of Health and Human Services.
  3. Notify, notify, notify. Designate a person for releasing information and who can craft and release appropriate and legal breach notices. Call your local police department immediately to report the situation and the potential risk for identity theft.  If account access information (like credit card or bank account data) has been stolen, but you do not maintain those accounts, notify the institution that does so it can monitor the accounts for fraudulent activity. If you collect or store personal information on behalf of other businesses, notify them of the data breach. Consider offering free credit monitoring to individuals whose personal information may have been compromised and refer them to FTC help.
  4. Learn from your mistakes. Review your cyber security posture including alert, prevention, and response systems and procedures. A Managed Security Services Provided (MSSP) can help you develop and implement a strong cyber security posture. Get started with a free self-assessment.
How Utilities Stay Wired for Success

How Utilities Stay Wired for Success

The utility industry is evolving at a rapid pace, with new technologies and tools emerging that promise to help companies deliver more reliable service while keeping costs in check. One technology that is rapidly becoming critical is vehicle connectivity, which allows...

read more
Common Data Backup Mistakes to Avoid

Common Data Backup Mistakes to Avoid

Data backup is an essential part of any small business's IT strategy, ensuring that critical data is protected against loss, theft, or damage. However, despite its importance, many small businesses make common mistakes that could jeopardize their data backup strategy....

read more
Luck Won’t Protect Your Business

Luck Won’t Protect Your Business

You're NOT too small to be bothered by cyber criminals. Some are using you for practice before bigger targets and others are driven by quantity. The statistics back this up: 70% of businesses were victims of ransomware in 2022 (half of them were small businesses) and...

read more

Schedule a FREE Network Assessment

Let us showcase our experience, knowledge, and personal approach.  We will uncover some essential ways to keep your business and your people up and running.

  • This field is for validation purposes and should be left unchanged.