Nobody’s immune to credit card breaches. Not major retailers–not even technology like CurrentC which positions itself as the perfect foil to Apple Pay and yet, days after being announced as such, finds itself at the center of a possible data breach.
We’ve learned this year through the very-public stumbles of marquee brands like Home Depot, Target, and Jimmy John’s that nobody is safe from a data breach. We’ve also learned that the consequences of data breaches are long-lasting: Home Depot now faces at least 20 class-action lawsuits, while it’s come to light that customer credit card data poached from a Target data breach has surfaced on a Russian website.
No company is immune to the possibility of a data breach. No matter how well your organization prepares for this kind of attack, a data breach will quickly uncover the weaknesses in your security defense plan. It’s crucial that any company experiencing an attack uses it as an opportunity to correct these vulnerabilities before the next one happens. As cybersecurity expert Joe Adams says, “It’s not a question of if you will be hacked, but when.”
After a data breach, your company needs to take the following 6 steps:
1. Gather Internal Response Team
The internal response team is your company’s first responders who are trained and prepared to take action when this kind of security breach takes place.
Members of the response team should include:
- Senior Managers
- IT Security Force
- Key Operations Staff
- Legal Counsel
- Human Resources Officer
- PR Communicator
- Risk Officer
Department heads need to be a part of the team because a security breach affects the entire organization.
2. Keep Network Running
After a breach, don’t automatically assume you should shut down the network before the response team has a chance to investigate. Doing so could cause you to lose valuable data and stall your investigation.
3. Determine the Extent of the Breach
Investigating a breach doesn’t happen overnight. It takes time to collect large volumes of data and discuss the attack with IT andnetwork security personnel. It could take several days to determine the full extent of the data breach.
4. Make a Public Statement
You may have to publicly announce the breach before you have all the facts. Although some people understand that there’s a period of discovery before an announcement can be made, they’re still anxious to learn the facts.
5. Strengthen Security Plan
Don’t just draft a rapid response plan, practice it. Look at how well you responded to this breach and execute “fire drills” for the next one.
6. Upgrade Your Technology
Many data breaches can be traced back to companies that are running insecure or outdated POS systems–make sure your system is up-to-date.