Data Breach Response Best Practices
Despite your best attempts to prepare, you’ve been made aware of a data breach. The uncertainty about what happens next is likely building up some anxiety. To get you started, here are some steps you'll need to take:
In our earlier post, we discussed how important it is to have a relationship with a professional in the media before your breach ever occurs. If you haven’t, though, you can still look over news of other recent breaches and find a reporter you’d like to approach. Word of your data breach will get out one way or another; it’ll look a lot better if you’re the one releasing the information.
Identify and Secure Critical Assets
Your business keeps your data as secure as possible, within the limits of practicality. While added security methods may hinder productivity, it’s important to lock down sensitive information until you’ve discovered and rectified the source of the data leak.
Reference Local Law and Legal Counsel
This is incredibly important, as 47 states, DC, Guam, Puerto Rico, and the Virgin Islands have laws governing first steps after data breaches, and all of them are slightly different - a full list can be found via the NCSL. It’s also important to consult a legal professional to address the suggestions they outline.
Reach out to Relevant Government Agencies
The SEC, DOJ, FTC, and Homeland Security all have various roles in dealing with data breaches. Your legal counsel will know what you'll have to disclose to appropriate agencies.
Alert Board Members
In the past, data breaches were considered a smaller IT problem, with no real repercussions for executives. In the information age, though, those times are long gone. Board members can and will be held accountable by the public for what happens to their clients’ information, so they need to know how to respond to inquiries.
Work on exactly what you’d like told to investors, including what happened, what your next steps are, and how long this will take to fix.
News of your data breach will not stay private, and it’s better your customers hear it from you. Companies like Buffer have pulled through data breaches on a positive note, using transparency and sincerity to deepen customer trust even through a potentially devastating event. A few notes to take from Buffer:
- Clearly and frequently communicate your plan
- Show customers what they can do to further secure their data
- Affirm what steps you're taking to avoid another instance
No one wants to experience a data breach, but with quick action, transparency, and integrity, your business can come out even stronger.