



Technology Tip

Dave Pelland has extensive experience covering the business use of technology, networking and communications tools by companies of all sizes. Dave's editorial and corporate experience includes more than 10 years editing an electronic technology and communications industry newsletter for a global professional services firm.

Reacting to a Small Business Data Breach


While every company works to avoid being hacked, having an effective response plan can help mitigate the damage if your network is breached.

The steps your company takes immediately after a breach is discovered can play an important role in reducing any financial consequences, as well as damage to your company's reputation among affected customers.

Because your response plays such a key role in recovering from a data breach, it's important to form at least preliminary plans for an effective response ahead of time, so you can make decisions carefully, without the time pressure and confusion likely to follow a data breach.

Although breaches at large, well-known companies tend to attract the most attention, security researchers say the risk of a breach is actually more acute among smaller businesses. Smaller companies generally have less sophisticated cyber defenses than their larger counterparts.

In addition, many small businesses are victimized by automated hacking tools that exploit known vulnerabilities in server software. In most of these situations, hackers don't know who they are attacking. They merely look for a company to breach and figure out later who they've attacked.

Prevention is the Best Approach

The first step in preparing for a data breach is working to prevent one. This includes following basic cyber hygiene steps such as making sure servers are protected with strong authentication, data is encrypted, and software is updated, along with other routine security steps.

Once those details are taken care of, it's time to start planning for your company's response should a breach occur.

Communication is Paramount

Perhaps the most important step in responding to a data breach is having an effective communications plan. Depending on your state's laws, you may be required to notify customers you believe may be affected by a breach.

But even without such a regulatory requirement, getting the word out about a security incident, and outlining the steps your company is taking in response, can provide important benefits in retaining or restoring trust among your customers.

Most customers would rather hear from you, and know the steps you are taking in response, than find out about a security incident from the news or another source.

Document Everything

Security researchers also say it's important to document every step you take in the immediate aftermath of a security breach. Writing things down or grabbing screenshots can provide important evidence of the cause of a breach, and could be valuable information should a breach result in customer litigation or regulatory inquiries.

Enlisting Help

Because planning for a security incident can be daunting, it's good to talk ahead of time with vendors who may be able to offer valuable advice.

Your payment processor, for instance, will be able to offer important security information, as well as guidance about steps to take if a breach occurs.

Your legal advisor, similarly, will have insights into your notification requirements and steps to help reduce liability concerns.

Your insurance carrier can be another key resource. Remediation services may be available as part of a cyber insurance policy, or added to a general business liability package. Speaking with your agent or broker about your data protection needs is another good idea.

Although a security breach can provide an unwanted distraction and challenge for any company, thinking about an appropriate response ahead of time can help reduce the effects of a breach.


The Business Resources Center offers helpful news, tips, and tools for general information purposes only. It is not intended to provide legal, financial, or other advice or recommendations for any specific individual, business, or circumstance. The offerings found here are provided by third parties, which are neither controlled nor endorsed by First Tennessee Bank National Association. First Tennessee Bank National Association does not guarantee or warrant the accuracy, completeness, or timeliness of this information and content. Additionally, links to third-party sites are provided for your convenience. Such sites are neither controlled nor endorsed by First Tennessee Bank National Association and may not have the same privacy, security or accessibility standards. Third parties are responsible for the content and availability of their sites.