SEK

Recent News & Blog

Recent News & Blog / Responding to the Nightmare of a Data Breach

It’s every business owner’s nightmare. Should hackers gain access to your customers’ or employees’ sensitive data, the very reputation of your company could be compromised. And lawsuits might soon follow.

No business owner wants to think about such a crisis, yet it’s imperative that you do. Suffering a data breach without an emergency response plan leaves you vulnerable to not only the damage of the attack itself, but also the potential fallout from your own panicked decisions.

5 Steps to Take

A comprehensive plan generally follows five steps once a data breach occurs:

Call Your Attorney

He or she should be able to advise you on the potential legal ramifications of the incident and what you should do or not do (or say) in response. Involve your attorney in the creation of your response plan, so all this won’t come out of the blue.

Engage a Digital Forensics Investigator

Contact us for help identifying a forensic investigator that you can turn to in the event of a data breach. The preliminary goal will be to answer two fundamental questions: How were the systems breached? What data did the hackers access? Once these questions have been answered, experts can evaluate the extent of the damage.

Fortify Your IT Systems

While investigative and response procedures are underway, you need to proactively prevent another breach and strengthen controls. Doing so will obviously involve changing passwords, but you may also need to add firewalls, create deeper layers of user authentication or restrict some employees from certain systems.

Communicate Strategically

No matter the size of the company, the communications goal following a data breach is essentially the same: Provide accurate information about the incident in a reasonably timely manner that preserves the trust of customers, employees, investors, creditors and other stakeholders.

Note that “in a reasonably timely manner” doesn’t mean “immediately.” Often, it’s best to acknowledge an incident occurred but hold off on a detailed statement until you know precisely what happened and can reassure those affected that you’re taking specific measures to control the damage.

Activate or Adjust Credit and IT Monitoring Services

You may want to initiate an early warning system against future breaches by setting up a credit monitoring service and engaging an IT consultant to periodically check your systems for unauthorized or suspicious activity. Of course, you don’t have to wait for a breach to do these things, but you could increase their intensity or frequency following an incident.

Inevitable Risk

Data breaches are an inevitable risk of running a business in today’s networked, technology-driven world. Should this nightmare become a reality, a well-conceived emergency response plan can preserve your company’s goodwill and minimize the negative impact on profitability. We can help you budget for such a plan and establish internal controls to prevent and detect fraud related to (and not related to) data breaches.

We’d love to talk!

SEK is proud to provide Guidance You Can Count On. Complete the form below, and the team member best suited to help you will be in touch soon.

Requested Services
One file only.
64 MB limit.
Allowed types: pdf, doc, docx.
Back to Top