When managing your network, developing an app, or even organizing paper files, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlines in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents.
1. Find The Source of The Problem and Fix It
Just because a data breach has occurred and a cybersecurity incident has been discovered, it doesn’t mean the threat has passed or that your systems are now secure. As soon as humanly possible, your IT professionals (and perhaps a hired expert, depending on the staff working at your business) need to be able to track down the source of the problem. This is less to place blame in the event of human error (which likely was involved), and more to cut off the breach and prevent the exploit from being used again in the future.
Once the problem is found, professionals should fix it as soon as possible, either by patching it or removing it (depending on the problem). In addition, the business should make efforts to ensure similar problems do not exist in other business systems or processes.
2. Perform Damage Control
This is another step that is highly dependent on the type of cybersecurity incident that occurred and the type of business you are involved with. There are different problems that can arise when a data breach occurs, and here is how to get ahead of most of them:
- Get ahead of the problem before it becomes public knowledge if your company is involved with the public or has investors. Under no circumstances should a data breach be swept under the rug, as it likely will be discovered, and trying to hide it will only make things much worse for your business. Explain that the problem has been discovered, that it is being managed, and that all the necessary steps are being taken so that it will never happen again.
- Set aside resources to handle further complications from the problem, perhaps even setting aside IT professional time to answer questions from employees and clients/customers.
- Get back to the day-to-day routine of the company. Outside of the following emphasis on training, you will want to keep on message with your brand, and you will still want to provide spectacular service to maintain your business’s credibility. No one wants to see a company in a panic.
3. Store Passwords Securely
Don’t make it easy for interlopers to access passwords. Three of the FTC’s settlements in this area have alleged that:
- The company stored network user credentials in clear, readable text that helped a hacker access customer credit card information on the network;
- The business allowed customers to store user credentials in a vulnerable format in cookies on their computers;
- A company failed to establish policies that prohibited employees from storing administrative passwords in plain text in personal email accounts.
An Ounce of Prevention
Minimizing the fallout from those inevitable data breaches isn’t effortless. You need to take what steps you can and remain vigilant. That said, the effort involved is vastly less than the Herculean task of recovering after hackers manage to steal your identity.