It’s not bad enough that we hear about massive data breaches (Equifax, Experian, Home Depot, Target, etc.) on the news each night, now you have to protect your own business against hacking, ransomware and even employee data breaches.
Employee data that you collect when you hire someone is private information and can contain sensitive details like a background check, medical information, social security numbers, and even employee bank accounts along with other valuable tidbits that identity thieves would love to get their hands on. It’s up to you to protect your employee information, and if you don’t, you could be in hot water.
It can happen to large and small companies; size does not matter. Hackers can get into anywhere. You need to know how to respond and how to survive an employee data breach.
How to Respond to Employee Data Breach
Take Inventory and Take Charge
The first step you need to take is to get to know your data real fast. Figure out what was accessed or stolen so you can assess the damage. Follow the flow of information in and out of your company and research the processes to determine where the breach occurred.
Next, figure out who will take charge of the situation and pick a singular point of contact. Does the responsibility fall on the shoulders of your IT guy, or maybe the head of cybersecurity, or possibly even the CEO or CIO. One person should be leading the investigation and managing communication about the incident. Your point person can handpick their team to get everything back on track.
Communicate to Employees/The Public
Instead of trying to cover things up, transparency works the best in these types of situations. Tell the public and your employees the truth. Let them know what information was taken and how it may affect them. You may even plan on holding identity theft sessions to teach your staff how to prepare and deal with it if they become a victim as a result of your data breach. Be prepared for the fallout, calls, emails, questions, and panic.
Designate someone to handle the communications aspect of things and assure everyone that you are doing all you can to plug the leak, minimize the damage and avoid these types of issues going forward. People want to know you are confidently taking care of it.
Compliance also comes into play, and you may need to inform regulatory committees or government agencies about the data breach and accept the consequences for not keeping your employee’s data safe.
Some states like Massachusetts have enacted data breach laws that require specific companies to provide identity theft assistance and credit monitoring for a year or more, after a data breach. IDStrong.com is a trusted resource and can provide these services to be in compliance.
Figure Cost into the Picture
Any size data breach is going to cost you money. It will cost dearly to pay security experts to evaluate your network and plug the holes, and investigators to track down the thieves. Not to mention the fact that you may have to pay damages, and there could be lawsuits from employees or others affected. Don’t forget that trust is a big issue. If your customers feel that you are untrustworthy, it could cost you sales as well. You need to figure out a plan on how to position the information to reduce the overall cost.
Going forward, you will need to fortify your systems and put into place better security. Often, taking those steps is not cheap either. Some companies invest in cybersecurity insurance policies, so you may have some leeway there and may not have to shoulder the financial burden alone.
Plan Ahead so Employee Data Breach Doesn’t Happen Again
The most important step once you get the day-to-day activities back online and alleviate everyone’s concerns, is to plan ahead, so it never happens again. Some steps to take here are:
Hire the best IT/cybersecurity experts you can to secure your networks, computers, and other assets.
Work with HR and management to improve your processes.
Put into place a strict need-to-know-only policy for private information.
Install the best ransomware, antivirus, and anti-malware software you can afford.
Get to know the bad guys who might want your information. Knowing the enemy will help you safeguard against them.
Monitor and log all network activity and install video cameras in areas where sensitive information is stored. Log everything so you can review it later.
Hire one person to be the overseer/gatekeeper for security, so you have a responsible party on it, at all times.
Once you have your new security system in place, test it thoroughly. Look for any weak links. Hire security experts to attempt to breach your network so you will have confidence in its ability to thwart criminals going forward.
Although it is impossible to protect your business 100%, a data breach has a silver lining. It will help you be much more prepared for the future and secure your previously vulnerable assets.