800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

Checklist: How to Recover from a Data Breach

  • Fulfill all legal obligations to law enforcement and customer protection agencies. This may include notifying them of the breach or allowing them to review your records.
  • Review data collection policies. After a data breach, you might find that some of the stolen data wasn't even important to your business. Unnecessary data only exposes you to more risk. If you're routinely collecting data that you don't use, rethink your data collection policies so that you only collect and store what you absolutely need to do business.
  • Review data storage policies. If you're holding onto years' worth of old, obsolete data, it's time for spring cleaning. Delete it! If you're storing duplicate data, trim it down. Sorting through a sales database can be exhausting work, but having streamlined data reduces your liabilities. Note: if you're not sure where to start with eliminating data, work with an IT consultant who has experience in data management.
  • Prepare for lost revenue and slow business by limiting unnecessary expenses and ramping up your sales game.
  • Prepare for possible firings. If you have employees, give them as much warning and information as possible if you'll need to let them go. This may mean letting them go early with an extra month or two of pay to improve their odds of finding new work. If you have an employee whose negligence caused the breach, document this carefully to avoid post-firing lawsuits.
  • Increase public relations / advertising campaigns to offset lost revenue. If necessary, enlist help from an outside PR agency. This may sound like an unnecessary expense, but many Cyber Liability Insurance policies pay for public relations efforts to restore a business's reputation after a breach.
  • Enlist a professional to conduct a security audit. During an information security audit, an outside party evaluates the security of your IT solutions. This can be one of the best ways to prevent future incidents. Look for an IT professional with experience performing security audits for small businesses.
  • Update software and IT solutions. After a breach you might have to rethink how much money you budget for IT. If your previous security configuration leaves you open to future breaches, you might have to put more resources into security and technology.
  • Examine third-party hiring practices. Some data breaches are caused by lapses in security by the contractors and third parties you hire. You can request that all future contractors have basic business insurance (including Errors and Omissions Insurance). If your contractors have this policy, you'll know an insurance company is insuring their work. (See the checklist, “How to Choose an IT Contractor Who Will Keep Your Data Safe” for details.)
  • Update your data breach response plan based on your experience. You may want to include contact information for the regulatory bodies, credit monitoring service, PR firm, and IT professionals you worked with this time around – just in case.