The 5 Steps Your Firm Should Take After a Data Breach

Posted on: 11/13/19
Written by: Lindsey Weiss
Topics: Technology

cybersec

Do you assume you’re not on cybercriminals’ radar because of your A/E firm’s small size? If so, you could be making a costly mistake. While data breaches affecting large enterprises get the most press, it’s small businesses that are most likely to be targeted by a cyberattack. Recent statistics report that 58 percent of all data breach victims are small businesses.

Why do cybercriminals target small businesses? Not only do small businesses have fewer resources to prevent, detect, and contain a cyberattack, but they’re also a crucial access point to larger businesses. In fact, supply chain attacks, in which cybercriminals infiltrate systems via outside vendors, increased 78 percent in 2018. Even when your firm isn’t the target, cyberattacks do major damage to your company’s reputation and business relationships.

Preventing cyberattacks is paramount for small businesses and requires a comprehensive approach that addresses all potential sources of cyberattacks — from malicious insiders to careless employees to vulnerabilities in your company’s network. However, even the most careful organizations can be affected by a cyberattack. After all, while you can take every precaution, the human factor makes it impossible to close every gap.

While you can never be too careful in preventing cyber attacks, it’s equally important to have a response plan if your firm is affected by a data breach. These are the five steps you can take to minimize damage and downtime after your small business is affected by a cyberattack.

Identify and Contain the Breach
With luck, your firm has an intrusion detection and prevention system your IT team can use to identify the source of the data breach and determine which records were affected. However, if you’ve yet to take this very important cybersecurity measure, you’ll need a digital forensics team to collect any evidence. It’s recommended to take equipment offline and change log-in credentials once a breach is detected to prevent ongoing damage. However, avoid taking further action before your digital forensics team assesses the situation.

Recover Affected Data
To minimize downtime, firms should move quickly to recover compromised data. If your company doesn’t have an in-house IT team, outsourcing to a data recovery agency is a must. However, even if you do have IT professionals in-house, it may be wise to outsource data recovery efforts to a company such as Secure Data Recovery. While in-house IT teams are skilled at managing day-to-day issues, they often lack the expertise for rapid data recovery.

Fulfill Legal Obligations
All states have some form of data breach notification laws. Since states set time limits on how long an organization has to notify stakeholders of a data breach, it’s important to familiarize yourself with relevant laws as soon as possible to avoid non-compliance. Most firms find it beneficial to hire both legal representation and a public relations firm to ensure notices are both accurate and crafted in a manner that maintains the company’s reputation.

Make Amends
It’s impossible to avoid a reputational hit following a data breach, but offering affected customers a year of free credit monitoring services goes a long way in re-establishing trust. While there are costs involved, the investment is worthwhile if it helps your firm retain loyal customers.

Perform a Security Audit
After a data breach, it’s critical that your company assess its cybersecurity practices. A security audit enables you to identify the vulnerabilities that allowed a breach to happen and the measures needed to prevent a similar breach in the future. Again, if your firm lacks in-house cybersecurity expertise, outsource to an agency qualified to assess risks and develop an improved incident response plan.

Cyberattacks can be extremely damaging to small businesses, both in recovery costs and lost revenue. When your firm is affected by a data breach, the best thing you can do is move quickly and invest in the right experts to contain the breach and resolve the cybersecurity weaknesses that allowed malicious actors to infiltrate your systems. With speedy, thorough action, you can minimize the damage of a data breach and get your company back to business.

About the Author: Lindsey Weiss is the co-creator of Outbounding, which connects your organization with the publishers and webmasters who care about your vertical.
Image via Pexels

 

PSMJ is always looking to publish diverse views on issues and trends in the A/E/C industry. We invite you to submit a 500-word post on any industry-related topic. We look forward to hearing from you.
Guest Blogging
 
 

 

SUBSCRIBE TO BLOG:
November 14, 2024

Tips for Establishing a Technology Council and Get Your Firm’s Technology Act Together.

PSMJ Senior Consultant Brian Burnett says that Deltek’s most recent Clarity: Architecture & Engineering Firm Study vindicates the position that AEC firms need to focus more on..

Read More
November 11, 2024

Unpacking The Post-Election Impact for AEC Firms

After the larger-than-expected Republican election victory, let’s step back and look at what it means for the U.S. AEC industry. The three biggest drivers for our industry are (1)..

Read More
November 7, 2024

PSMJ16 vs. SPY

How is the A/E/C industry doing compared to the overall economy, and how can you apply stock price trends of publicly traded companies to making better strategic decisions for..

Read More