What Should You Do After a Data Breach?
October 26, 2017 by Bill Rosenthal

Computer with a data breach warning

Data breaches have been a problem for companies for many years. There isn’t a single industry that is immune to the threat of hacking, and the probability that your business will fall victim to a cyberattack is now higher than ever. 

Let’s say that you think you have done all that you can do to prepare your company against attackers, but it still happens. Where do you go from there? What should you do? 

  1. Assess the damage. – The first thing that you should do after a data breach is figure out exactly what has been lost. Determine what the hackers managed to access and if it was absolutely vital information. If your IT department is not capable of handling such a mammoth undertaking, consider hiring a professional team.
  2. Isolate the infected areas of your network. – As soon as you possibly can, change your login credentials for all important servers and accounts. If possible, take the servers or accounts that contain the most vital information offline or isolate them. This can help prevent any further damage until the situation is fully under control.
  3. Check your logs and backups. – Most IT departments create backups for their main servers in the event that the network is brought down or in the case of a malicious cyberattack. Not only can these logs help recover lost information, but they can also be used to compare changes in the network before and after the cyberattack. Insights about the DNS settings, firewall, web servers, and other security information can also be pulled from the logs to help determine how exactly the network was breached.
  4. Report the hack to the necessary authorities. – Typically, it’s not only your company’s data that has been stolen in a data breach. Data such as customer records and information, business details, and sensitive financial information could also have been taken. It is important that you alert your company’s legal department as soon as possible so that the authorities, such as the Department of Homeland Security, can be notified. The information that was stolen from you could very easily end up for sale on the dark web, so give the authorities your full support in the search for the responsible criminals. You must then work with your legal team to figure out how to let customers know.
  5. Ensure this never happens again. – In addition to correcting any technical mistakes that allowed this data breach to occur, take the precautionary measures to ensure that it will never happen again. One of the best ways to do this is by training and preparing your employees against cyberattacks. The weakest link in your overall cybersecurity will always be your employees, which means they should be enrolled in training as soon as possible.

Does the thought of experiencing a data breach send a chill down your spine? It should. Would you like to prevent a possible hack in the future? Make your employees your first line of defense against an attack with our CyberSec First Responder training. You’ll thank us later.