Information security (IS) practices are a major topic of discussion as high-profile compromises and identity theft fill the headlines. Although there's no such thing as a perfect defense, staying up to date on the latest threats and defense techniques can keep you safe from the less enterprising hackers looking for a path of least resistance. You should also focus your resources on what to do when the inevitable breach takes place. It can happen to anyone, so take the time to understand a few breach risks and recovery techniques.
Loss Of Information And What Happens Next
Consider a business that processes recurring credit card payments for customers. It stores a lot of information about these customers, such as names, addresses, phone numbers and of course credit card numbers. For customers to make purchases from you, that information needs to be up to date and sufficient to verify their identity. Unfortunately, that's exactly what a hacker needs.
An information thief would be able to do a lot with this information, such as siphoning from existing accounts and creating new accounts. Although that is a terrible fallout from an information loss disaster, there is a way to thwart hackers even after the information is lost.
Counter information theft with more information. You need to be able to alert your customers as soon as possible to warn them of the loss of information and what it could mean. Once alerted, customers can take it upon themselves to watch out for illegal purchases or changes in their credit history. Removing fraudulent purchases from credit reports and closing fraudulent accounts isn't as difficult as it was even a decade ago, but time is of the essence.
Easing Paranoia With Information And Documentation
There's a lot of paranoia about what identity theft could lead to, which can cause exaggerated terror when the bad news is given. While it's not a good idea to dismiss the upset or frightened feelings of your identity theft victims, you need to educate your customers about what to do in case of a breach and why it's not the end of the world.
The biggest negative side effects are the noticeable negative marks on credit history. These marks aren't the end of the world, but it's a customer's right to maintain a perfect record and to take offense when that record is tarnished by someone else. Aside from that, a fast reaction to the information theft and providing all of the necessary documents can keep many customers happy during what may be a minor inconvenience.
After a breach, be up front about it. If your systems can be compromised, someone will find out eventually and someone will bring your bad news to the public. Having your breach reported by a third party before you say anything can be a public relations nightmare.
A preliminary announcement of a breach is a good way to start. Announce that there was a compromise and that you're building a response plan to protect customers and to measure the estimated damage. As you work to find the culprit and cauterize the business wounds caused by the breach, give the exact time and date of the breach to every customer who needs to report to a credit bureau. Customers need the official information from you to wipe out fraudulent accounts instead of arguing over whether the accounts are fraudulent or not.
To discuss other damage control and to develop other plans, speak with a data breach response plan professional.