What Should You Do When Your Company Is Hacked? 5 Steps To Follow After A Security Breach

Cyberattacks, ransomware attacks, and data fraud are some of the biggest global risks facing companies today. In 2022, there were 4,100 publicly disclosed breaches at U.S. corporations, a number that only stands to increase. While many business leaders know a breach can affect their reputation and ability to do business, the costly impact to their customers is not as frequently talked about. According to Field Effect, customer personal information is the most common and expensive type of record lost or stolen during a breach.  

Every company regardless of size or industry is at risk of being a target of a cyberattack. So, what should you do if it happens to you? Here are five steps to take after a security breach.

1. Follow your incident response plan and bring in the right team to implement it

The first 48-hours after a cybersecurity incident are key. It is in these first two days that many companies make mistakes that can greatly increase the recovery time and impact of a breach. If you are experiencing an incident, the first thing you should do is implement your incident response plan (you have one, right?). As a part of your plan, you should have a call tree that will allow you to quickly put the right team of experts in place that can immediately start containing and investigating the incident. This team includes experts in digital forensics, legal, your insurance carrier, and a recovery team.  

2. Contain the threat and secure your systems

Facilitate the collaboration of your internal IT team with external experts to investigate the root cause of and to contain the cyberattack. Together they can pinpoint any vulnerabilities in your security system, take stock of what information was lost or stolen, help contain the threat actors, and more. After this, your IT team should take action to assess your existing strategy and harden your environment, making sure prior vulnerabilities are patched. Following a data breach, your company should change all access codes and passwords, replace and harden your backups, and implement additional security solutions, like managed detection and response (MDR) and multifactor authentication (MFA).  

3. Communicate with employees and clients

You will want to coordinate with your legal console first, but you may be obligated to notify your customers. Before informing your customers and employees, it is crucial to seek guidance from your legal counsel to determine the required procedures. In the majority of situations, you will have an obligation to notify your customers, as you may have a legal obligation to keep your customers' or clients' information confidential. This is especially crucial if you are subject to compliance standards such as HIPAA, PCI, or the SEC, as a data breach could potentially result in significant liabilities if client information is exposed. Trying to cover up a cyberattack could lead to lawsuits down the line and ruin your company’s reputation. If your customers’ or clients’ data is compromised, they have a right to know about it so that they can protect themselves. You may also legally have a responsibility to report the incident and provide identity protection services. Work with your legal team to understand your responsibility towards your customers, and your communications team on the best time and format to release a statement. It’s important to let customers know what happened, and what steps you’re taking to resolve the situation and protect them.

4. Update your incident response plan and security protocols

How well-prepared was your staff for the breach? Were they educated on what steps to follow? Did they know who to reach out for support? Complacency is a major issue for businesses without prior security breach experience. Take time to set up new procedures and educate your staff. Your IT team should prioritize user awareness training and teach employees security best practices like watching out for phishing emails and creating unique passwords. Education and awareness are among the best deterrents against data breaches today as one of the biggest pitfalls that can lead to a cybersecurity incident are your own employees

5. Consider cyber liability insurance or an incident response retainer

Cyber insurance is a valuable tool when it comes to protecting your business in the event of a cyberattack, but it can be hard to qualify for.  Cyber insurers have strict standards for clients and have a long list of requirements for businesses to become a client. These requirements may include having MFA on all cloud-based accounts, encrypted backups, cybersecurity awareness training, regular vulnerability scans, and more.  

Cyber insurance can cover your business' liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver's license numbers, and health records. Policies can also cover the cost of: legal fees and expenses, the repair of damaged computer systems, recovering compromised data, and assisting customers affected.

If your organization does not currently qualify for cyber insurance or are not able to afford the premium, consider an incident response retainer as an alternative. Retainers can vary significantly from provider to provider. For example, some simply mean you have a number to call if you are breached but others allow for the cost of the retainer to be applied to proactive services.  

It is important to remember if you recently experienced a data breach and do not take any actions to harden your systems and remediate vulnerabilities, it may not be your last. If threat actors identify a way in, they will continue to use the path until you block it.  

Improve Your Cybersecurity Posture and Keep Entara on Standby

Your IT team may not be equipped with the tools or experience necessary to handle a major data breach or ransomware attack, especially if you are a smaller organization and your budget is limited. Entara is here to support you and provide proactive cybersecurity services that reduce your risk or reactively provide emergency incident response services. Our incident response retainer gives your organization the unique opportunity to both have our experts on call for an emergency as well as have the opportunity to use the full retainer for proactive cybersecurity services from day one.  

From over 125,000 hours incident response work, Entara has learned the importance of taking  a security-first approach to providing integrated cybersecurity and IT solutions. From security awareness training to backup services to infrastructure monitoring, you can count on our team to protect your organization from cyber threats. Contact us today to learn more about how Entara can help you meet your cybersecurity and business goals.