What to do if you have a data breach

If you run a subscription company, you hold a lot of customer information – bank details, credit card numbers, names, addresses, and a host of other things that a hacker could use to identify and defraud your subscribers. For that reason, you’re at a high risk of experiencing a data breach. Hackers may decide to target you and try to get hold of sensitive information to further their nefarious purposes.

At some point, the worst may happen, and you may experience a breach. If that occurs at your subscription company, what should you do next? Please take a look at the following guide.

Find out what was lost

The first step is to audit the event and discover what was lost thoroughly.

Generally, the type of information you hold on customers falls into three categories of sensitivity.

  1. The least sensitive data (though still worth protecting) are things like names, addresses, and telephone numbers – the sort of data you used to be able to find in a phonebook. (And the kind of stuff you can quickly discover online with an internet search).

  2. More sensitive data includes things like account numbers for subscription billing and dates of birth. Criminals with this information could potentially steal money from customers if they do not block their cards in time.

  3. The most sensitive data are things like financial account numbers, passport details, social security codes, and online account passwords. Here hackers have real potential to do damage.

For instance, if a cyber-criminal learns a user password and email address, they can use that to hack multiple accounts. Furthermore, many hackers can now decrypt encrypted passwords stored on your servers or in the cloud if they are less than around ten digits long. So even if you lose encrypted passwords, that can be a serious problem.

Change all your passwords immediately

If you believe that some or all of your subscriber accounts may have been compromised, then change all passwords immediately if you can. If you can’t, then inform customers that there has been a breach and lock down your systems until the customer changes the password themselves. Where possible, encourage secondary two-factor authentication options.

Contact all relevant financial institutions

If you lose payment card details that hackers could potentially use to steal money from customer accounts, contact all relevant banks and building societies, telling them what’s happened.

Ensure that you speak with a real person, not an automated bot. Tell them that the situation is ongoing and that you suspected that individual accounts might be compromised.

Announce that you have suffered a breach

Companies have gotten into a lot of trouble in the past for going silent about data breaches. Firms do this because they want to avoid a scandal. Unfortunately, delay usually backfires, at least according to research group Forrester.

The best approach is to make everyone aware of the issue immediately so that they can take action. On your end, it is important to notify all your employees of what’s happened. Notification allows them to identify how and where the attack took place and prevent another. On the customer side, you can motivate your subscribers to change passwords and check their bank accounts for fraudulent activity.

In the days and weeks following the breach, try to avoid downplaying the event – this won’t go down well with customers. Don’t, for instance, do what toymaker VTech did after it got hacked and try to minimize the importance of what happened. The company claimed that hackers stole a few images of kids playing with toys and that it didn’t matter. In the aftermath, the brand lost both customers and value because it did not appear to take its data breach seriously enough.

Offer additional customer service

After a breach, your customers will want to get in touch with you to find out more about their accounts, get help with passwords, and so on. For that reason, you may have to lay on more staff to man the phones temporarily.

Whatever you do, don’t try to make a quick buck from your data breach, as Equifax did. When the credit rating agency experienced a breach in 2017, it shut down all systems and then asked customers to pay to unfreeze their accounts. Needless to say, the move was not popular, and the firm saw its value wiped out.

Conduct a thorough investigation

As a company, you want to be sure that you cut the risk of a secondary breach. To do this, you’ll need to conduct a thorough investigation of what happened. Here’s what you need to find out:

  • Where the breach occurred

  • Who was responsible for the breach

  • What data was stolen

  • How you went about remediation

  • The speed of your response

  • The total cost of the breach to subscribers

  • What data protection methods your company current lacks

The better you can log and report all of these factors, the better the handle you will get on what went wrong and the consequences for your company. IT staff can use data from the investigation to plan more effective defensive strategies in the future.

Continue monitoring your network long after the breach

If you’ve closed your corrupted endpoints, recovered the data, and contacted all relevant employees and customers, you’re not out of the woods. Hackers may still have access to your information through another channel that you have not yet identified.

For this reason, you must continue to monitor your network, long after the alleged threat passes.

Remember, there’s a tremendous amount of pressure on businesses, in general, to recover quickly from a breach. People expect companies to tie up loose ends, install new protective systems, and resume regular service rapidly. Not all firms, though, can do this. And even those that can still need to be wary of the risks of future breaches. Hackers may be willing to wait months for the opportunity to compromise your network again.

If your company is struggling to manage the situation in-house, you may want to hire an external specialist team to investigate the problem.