Data breaches are increasing concerns for businesses of all sizes today. Taking action and planning ahead can not only help to prevent some data breaches, but it can also make dealing with others as they happen.
These are things you need to do before a data breach happens, because waiting until afterwards will cost precious time and do irreparable harm to the reputation of your small business.
Create Policies and Procedures to Guard Against Cyber Intrusions
Technology is evolving at breakneck speeds. You need to revisit your policies and procedures, those related to data and security, at least one time every year to make sure you’re taking adequate precautions.
These small changes can help immensely.
- Require employees to use complex passwords (and change them monthly).
- Update your Wi-Fi security with encryption.
- Educate your employees about proper security and how failing to follow security protocols can impact your business and their livelihoods.
Create a Data Breach Response Team
You cannot wait until after a breach happens to create this team. Your data response team needs to be ready and able to take action the moment you learn of a data breach. This team is not only made up of members of your organization, but also of outside professionals, including:
- An attorney with specific experience in data breach and privacy matters. Your attorney will become the “breach coach” for your response team and help you navigate the tricky legal maneuvering that is necessary in the event of a data breach.
- A computer forensics firm. You need to know the details of the breach – specifically the timing of the breach and the severity of the breach. You’ll need a forensics firm to iron out those details so you can give the public the right information. Your firm also needs to be able to put the details in a language you can understand and appropriately explain to the customers and/or employees affected by the incursion.
- A public relations or crisis management firm. Data breaches are bad for business. There’s no doubt about that. However, handling the data breach the right way can help you retain customers and sway public opinion in a positive way.
- Designated spokesperson. Your business needs to establish one person to do all the speaking for your business regarding the data breach. Everyone in your organization needs to know who that person is and direct all personal and media inquiries to that person. This reduces the possibility of misinformation and confusion.
- Credit and Identity monitoring services. This is a standard service to offer customers who are the victim of the data breach. Having the details in place before the event helps things move more smoothly when a breach does occur.
Data breaches can be costly for businesses. Taking appropriate action before a data breach occurs and investing in cyber liability insurance to offset many of the costs associated with the data breach event, can help you save a great deal of money and the reputation of your business.