You’ve Been Hit With a Data Breach — Now What?



(This week I welcome guest blogger Lindsey Weiss, the co-creator of Outbounding, with some recommendations for how to handle one of an entrepreneur’s worst nightmares – a data breach.)

No small business owner wants their customers’ data to fall into the wrong hands – or any other hands for that matter. But data breaches happen, and how you react plays a huge role in whether your customers stick around or look for services elsewhere. Unfortunately, problems are often detected by customers (around 21 percent of the time). Here’s what you can do in the wake of an IT catastrophe.

Sound the alarm

Letting your customers know their data has been compromised is intimidating. However, you have to be up-front and responsive. Be honest and do not downplay the situation. Even if you have yet to identify how the intrusion occurred, assure your customers that you have your security personnel working on it around the clock. Be ready for some backlash and a potential decline in business as you work to reestablish your reputation.

Have a plan

Your customers, both those who stay and those who pull their accounts, will want to know how you plan to retrieve their information and protect it in the future. Do an audit of your current processes, hardware, and software. If your payment system is out of date, for example, it is likely less secure, and it would be wise to upgrade. Many current payment systems come bundled with fraud prevention and data security services.

In addition to new software and hardware, implement a system of checks and balances as part of your incident response plan. Fortune recommends consulting with cybersecurity experts. These professionals can determine where you are vulnerable and help you patch up any holes that provide hackers backdoor access to your company’s files. 

Look at legislation for guidance

Many small businesses will not be subject to strict financial rules and regulations like major corporations. But you can still implement practices that protect both your clients and your business. After a series of widely publicized accounting scandals in the early 2000s, Congress passed the Sarbanes-Oxley Act (SOX). At its core, this piece of legislation addresses accounting practices and puts into place regulations that dictate electronic records management. Even if you are not required to maintain SOX standards, it may be in your best interest to ensure that your managers, data management team, and accounting personnel understand the fundamentals of the act. Emulating SOX practices may require hiring new staff or freelancers (such as a computer vision engineer) and establishing new internal controls, but these actions might help you avoid a repeat incident.

Retrain your employees

Sadly, hackers are not the only issue that you have to look out for. Disgruntled employees, specifically early-career non-technical managers, pose a significant threat to your data security. Technology is not always a failsafe, so it pays to train your employees on how to identify infrastructure weaknesses and on ways they can act as your company’s first line of defense. Malwarebytes Labs explains that protecting your business against hackers is achieved in part by ensuring that your devices are password-protected and using unique credentials for each account and computer. Work with your company’s IT department to create new password standards and require multi-step verification processes for employees who wish to access secure data.

Employees at all levels should also be trained on how to identify phishing emails. Another critical part of your cybersecurity procedures is to use a dedicated server for all company and customer data. Do not leave the security of your most valuable asset – your customers’ trust – up to a cloud-based storage program because you have no control once their data is out there on the web.

In light of a data breach incident, you will likely lose the faith of some of your customers. But it’s how you respond in the days, weeks, and months after that defines your future success. Be open and upfront with your customers and aggressive in your measures to stop future attacks.

**********

Lindsey Weiss is the co-creator of Outbounding, which aims to connect organizations to the publishers and webmasters who care about your vertical reach. She is passionate about marketing and protecting one’s web presence. 





One response to “You’ve Been Hit With a Data Breach — Now What?”

  1. Melissa Phillipoff

    Such useful information, thank you for sharing this with us.
