What any business leader dreads has happened: your data has been hacked. You must act, and quickly! Following its advice on protecting against a possible data leak, My technician shares its intervention plan for limiting the damage in the event of a data leak.
1. Be responsive
The first few hours after the discovery of the company data breach are crucial. The longer you wait, the greater the losses will be. Cybercrime attacks are becoming more complex and it is unlikely that you can solve the problem on your own. Alert your IT network teams (within 48 hours maximum) or cybersecurity professionals who can understand the problem quickly.
2. Isolate the incident
Once the source of the problem has been identified (phishing, ransomware, malware, cloud service attack…), the objective is to quickly contain the vulnerability so that it does not spread. Work closely with your IT teams to identify intrusion points and disconnect attacked systems from other internal databases and servers.
3. Remain vigilant
In the first few hours after the data theft, you may receive fraudulent emails or calls. Be even more attentive to this type of practice than usual to see if there are any other data theft attempts in progress.
4. Inform customers
Certainly no one wants to shout loud and clear that they have just been hacked… However, your customers will appreciate your efforts to be transparent with them. Moreover, please be aware that if your company collects personal data from European citizens and it is disclosed, you will have an obligation to inform your customers promptly, as stipulated in the GDPR (General Data Protection Regulation). In other cases, do not hesitate to bring your communication professionals together to inform your clients through a newsletter or press release and, above all, to announce the measures taken to address the problem. Finally, offer solutions and advice to your customers if they think their personal data is not secure.
5. Contact the competent authorities
In 2017, only 10% of Canadian companies affected by a cyber security incident reported the incident to a police force (source: https://www.statcan.gc.ca). Currently, and following the Equifax scandal, PIPEDA (the Personal Information Protection and Electronic Documents Act) has been amended. Companies that have experienced data breaches are now required to report them to the Office of the Privacy Commissioner of Canada.
6. Avoid a new leak
Now it is a matter of protecting against a new attack. Digital security must become a priority for you and your employees. Consider implementing enhanced protection measures such as disk encryption, malware detection or phishing tests. You will find some advice on the right resolutions to take to secure your SME on this blog. Need a security audit? Contact us!