How to handle a data security breach in your business in 4 steps

Most businesses today are concerned about suffering a breach involving their data. The data can be sensitive customer information like social security numbers, patient data such as health records, or information regarding their employees and vendors. How you handle a breach can impact your business in several ways. Here are some examples.

Legal ramifications. Sensitive customer data that has been compromised due to a security breach can potentially lead to identity theft. The vast majority of states require companies to contact their customers when their information was or may have been stolen. The information this pertains to includes Social Security numbers, driver's license numbers, bank and investment account numbers, and health information. In addition to state laws, certain sectors such as financial services, banks and health entities may be subject to federal law. A register of state laws is provided by the National Conference of State Legislatures.


Cost. It pays to research the laws in your state so that the course of action you follow not only protects you from costly fines and potential lawsuits, but also reduces your costs. Without a good strategy in place, you could end up paying higher customer notification costs.


Loss of customers / brand damage. If you determine that only a percentage of your customers were compromised, you may not have to notify all of your customers of the breach. This is important because, once the breach is discovered and you notify the appropriate parties, you may lose a large chunk of those customers. It may not make sense to risk churning a segment of customers when you don't need to.

Here are 4 steps to take to handle a data security breach in your business:

1. Gain a full understanding of the state and federal laws regarding data security breaches that apply to your business and the sector in which it operates. Once you know what the law is, you can deploy a response that follows the laws, limits your response costs, and lowers your risk of customer loss. In other words, if you are properly prepared, you won't overreact.

2. Once you understand the course of action you must follow, don't hesitate: take action. Tackle the adverse consequences. You may be thinking about the potential damage to your brand and the loss of customers you might face, but if you hesitate and dilly-dally, the negative effects could be far worse. You could be perceived as an organization that cares more about its reputation than its customers' data security. That kind of cost could be insurmountable. In addition, you don't want to fail to meet a time frame established by law.

3. Draft data breach notification letters that you can use as templates when and if you need to contact your customers and other interested parties. By planning ahead, you can also think about the kinds of things you want to say to your customers, and how you want to say them.

4. Keep an up-to-date list of customer addresses so that your response will get to the right people in the event of a breach.

The thought of a breach can keep you up at night, but it doesn't have to. If you are knowledgeable and prepared, it can make all the difference. As my old boss used to say, "Proper preparation prevents poor performance."

Also, you can read a bit more on this blog about SSL security certification.

Do you have a plan if your business suffers a breach? Tell us about it in the comment section below.