Small business data breach response checklist


Not all data breaches are sensational, highly-publicized events. In fact, smaller and lower profile companies are frequently targeted by hackers due to their less robust cybersecurity defenses. And breaches are not always caused by cyber attacks: They can be inadvertently caused by careless or poorly trained employees. Regardless of the cause, data breaches can be devastating, with fallout ranging from business partners severing ties and legal costs accumulating to a loss of consumer trust.

If your company’s confidential or sensitive data has been accessed by an unauthorized party or has been unintentionally exposed to the public, you should implement your emergency incident response plan immediately. If you feel ill-equipped to cope with the process or need reassurance from the experts, then don’t hesitate to contact us for help.

What to do immediately following a data breach

The 24-hour period following a breach is the most crucial time for rectifying the situation and mitigating loss. The following checklist covers the essential first steps to take:

  • Record the details of the breach, including the time it occurred and who was involved.
  • Notify your IT team so they can begin executing your response plan.
  • Identify the source and extent of the breach. If you do not have an intrusion detection and prevention system, this stage will be more difficult.  But only by understanding what has happened can you ensure any leaks are plugged and security is restored. A forensic team can help you dig deeper into this.
  • Prevent the spread by isolating any affected servers, computers, and areas of your network. Take affected systems offline but avoid tampering with them or turning them off completely as this could impact your investigation.
  • Notify the immediately affected parties. Each data breach differs depending on the amount and type of data involved, your efforts to secure the data prior to the breach, and the federal and state laws implicated in the breach. Once you know which data has been compromised, you can review what the risks are and who needs to be notified in these early stages.
  • Begin recovery by identifying and restoring your most vital data and systems first.

The next steps to take

Although the first 24 hours following a data breach are the most important, the work doesn’t end there. Continue your disaster recovery with the following steps.

  • Take additional security measures. All data should be secured and the breach must be contained from spreading further. Start by changing all passwords and encryption keys. Password managers and multi-factor authentication (MFA) can be utilized as additional security measures.
  • Clear any malware or viruses. If the breach is found to have been caused by a virus or malicious code, you must ensure this has been cleared from your system.
  • Recover your data. If any data has been lost, you will need to try and restore it from backups. If you do not currently back up your data to two different storage types, including one copy off-site, then now is a good time to review and improve your protocols. a COUPLE of GURUS can help with this via our Backup and Disaster Recovery Service.
  • Fulfill legal obligations. As your investigation into the breach continues, you may be required to contact the relevant authorities and engage legal counsel if the breach is serious enough to warrant it. For example, those governed by HIPAA regulations are required to provide notification of the breach to affected individuals, the Secretary, and – in cases affecting more than 500 residents of a State or jurisdiction – the media in a specified format and timespan. All aspects of your investigation and mitigation efforts must be documented carefully and any digital evidence should be stored securely.
  • Notify any remaining injured parties. If personal data has been exposed, you may need to alert those affected or make an announcement to shareholders or the public. Generally, it is better to make this disclosure as soon as possible, giving the public a chance to secure their data. The longer a company waits to disclose a data breach the more likely it is that an injured party will find out about the breach from an unofficial source, leading to misinformation and ill-will towards your company.
  • Inform the public. If the incident was widespread, data breach disclosure laws may come into play and require some specific deadlines and disclosure formats. However, it is likely that the details of disclosing the breach to the public will be left to your discretion.

You should approach this with care by explaining carefully what went wrong, how you are rectifying the situation, and what steps you are taking to ensure it doesn’t happen again. You may wish to engage a public relations specialist to help uphold your company’s image.

Protect your business today

No organization can guarantee immunity from data breaches, but a decisive response can save you significant time and money in the long run. By following cybersecurity best practices and a predetermined incident response and recovery plan, the potential risk and damage can be greatly reduced.

If you need emergency assistance following a data breach, don’t hesitate to contact a COUPLE of GURUS. If you’re yet to experience a breach but lack confidence in your existing protocols, we can also implement backup and disaster recovery plans, cybersecurity measures, and employee training to secure your business. Get in touch today to find out more.