Progressive Computer Systems, Inc.

Responding to a Data Breach

You suspect that your business experienced a data breach. Maybe an employee lost a laptop, or a hacker got into your customer database, or information was inadvertently posted on your website. Whatever happened, you’re probably wondering what to do next.

The FTC’s new Data Breach Response: A Guide for Business outlines the steps to take and whom to contact. Here’s a glimpse of what’s inside.

You’ll need to move quickly to secure your systems. Some immediate steps include:

  • Secure physical areas potentially related to the breach. Lock them and change codes, if needed.
  • Stop additional data loss. Take all affected equipment offline right away, but be careful not to destroy evidence. Monitor all access points to your system. If a hacker stole credentials, you’ll need to change those credentials too, even if you’ve removed the hacker’s tools.
  • Remove improperly posted information from the web. After you clean up your site, conduct a search to make sure other sites haven’t posted the information. If they have, ask them to remove it.

Think about your service providers. If they were involved, make sure they’ve remedied all vulnerabilities and consider whether you need to change their access privileges. Also, check your network segmentation so a breach at one server or site doesn’t lead to a breach at another.

What about breach notification? That’s where many companies have questions. First, take a look at your state’s data breach notification law. If it’s a breach involving health information, also look at the HIPAA Breach Notification Rule and the FTC’s Health Breach Notification Rule. Notify law enforcement, affected businesses and individuals.

  • Law enforcement – Call your local police, the FBI or the U.S. Secret Service. The sooner they learn about the breach, the more effective they can be.
  • Businesses – If account information (like credit card numbers) was stolen and you don’t maintain the accounts, notify the institution that does so they can keep an eye out for suspicious activity.
  • Individuals – The faster you notify people, the faster they can take steps to protect their information. In deciding who to notify and how, consider state laws, the nature of the breach, the type of information taken, the likelihood of misuse and the potential damage if the information is misused. When notifying people, consult with law enforcement and, depending on the type of information breached, consider offering at least a year of free credit monitoring.

The Data Breach Response guide includes a model data breach notification letter. Like the model letter, your letter should clearly describe: how the breach happened, what information was taken, what actions you’ve taken, and what steps individuals can take. We recommend including the relevant portions of IdentityTheft.gov/databreach based on the type of information exposed. Also, encourage people who discover their information was misused to file a complaint with the FTC, using IdentityTheft.gov.

Now that you’ve seen some highlights from the guide, take a few minutes to read the entire Data Breach Response guide and share it with your staff. Short on time? Watch the data breach response video for businesses.

Used with permission from FTC Business Center Blog
by Lisa Weintraub Schifferle


© 2020 Progressive Computer Systems