800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

How to Protect Your Business from Identity Theft: Recovery

Here's the thing most people don't understand about data breaches: the effects can last a long, long time. We're not talking months – years after a data breach, you could still be feeling the consequences. In fact, these effects are often so costly that many small businesses go out of business after a breach.

How will a data breach affect your business? Good question. Here are some of the common effects of a small-business data breach:

  1. Damaged reputation. Studies show that data breaches are one of the three worst things for a business's reputation. From a customer's perspective, the only things worse than data breaches are when company causes an environmental disaster or has poor customer service.
  2. Lost revenue / slow sales. After Target's data breach, its profits dropped 12 percent. Larger chains might be able to weather that kind of fluctuation and regain the trust of customers, but smaller businesses often cannot.
  3. Layoffs and infighting. Lost revenue could mean you'll have to cut employees (if you have any) or find other ways to cut your costs. While it can be stressful and unpleasant to dismiss employees, it can be even scarier to not know where to cut your costs to break even.
  4. Lawsuits. Data breach and identity theft lawsuits are expensive. Heck, any lawsuit is expensive. But data breaches often lead to class action lawsuits, where multiple customer lawsuits combine into one larger one. These lawsuits can be among the most expensive.

Now that we know some of the effects you'll see after a data breach, let's go over your recovery plan.

A Small Business's Guide to Recovering from Data Breaches

After a data breach (and all the mess that comes with it), your business should focus a good deal of its resources on recovery. Here are six things you must do in the months and years after a breach.

  1. Guide your customers through the post-breach process. Identity theft can occur long after a breach. Businesses typically offer one year of identity theft prevention for their customers. Practically speaking, this means you may have to field questions and complaints for months (or even a year) after the breach.
  2. Comply with law enforcement. Law enforcement and customer protection agencies often step in to investigate data breaches. You might have to comply with their requests and send them information about the breach.
  3. Crank up the PR. When you're recovering from a public relations disaster, you can't afford to go about business as usual. Your advertising and PR campaigns need to be focused on earning back customers you've lost and finding new ones. The bright side? You can use the breach as an opportunity for a fresh start, launching a campaign around the new security features you're putting in place. Sales tend to be slower following a data breach, so you may need to target new revenue streams more aggressively than usual.
  4. Rethink your current level of security. Why did the breach occur? Was there a lapse in your security? Maybe the breach occurred because a third-party vendor that worked for your company had lax security. Whatever the cause, you'll need to implement changes to make sure it doesn't happen again.
  5. Upgrade network / web security and update or replace old software. Consumer Reports cautions that small businesses are often slow to update old software. Many small businesses use old software or patchwork IT solutions because they don't want to fork over the cash for something more comprehensive. This makes sense – your budget is smaller. But old software can cost you if it isn't secure. The good news is that most software patches are free to download, so be sure you're taking this crucial step toward securing your customer data.
  6. Review your response. After things have cooled down, you'll want to analyze how successful your business was at limiting the damage of the data breach. If you had a data breach response plan, how useful was it? Do you need to update it to reflect some of the unexpected challenges you faced?
  7. Comply with law enforcement. Law enforcement and customer protection agencies often step in to investigate data breaches. You might have to comply with their requests and send them information about the breach.
  8. Crank up the PR. When you're recovering from a public relations disaster, you can't afford to go about business as usual. Your advertising and PR campaigns need to be focused on earning back customers you've lost and finding new ones. The bright side? You can use the breach as an opportunity for a fresh start, launching a campaign around the new security features you're putting in place. Sales tend to be slower following a data breach, so you may need to target new revenue streams more aggressively than usual.
  9. Rethink your current level of security. Why did the breach occur? Was there a lapse in your security? Maybe the breach occurred because a third-party vendor that worked for your company had lax security. Whatever the cause, you'll need to implement changes to make sure it doesn't happen again.
  10. Upgrade network / web security and update or replace old software. Consumer Reports cautions that small businesses are often slow to update old software. Many small businesses use old software or patchwork IT solutions because they don't want to fork over the cash for something more comprehensive. This makes sense – your budget is smaller. But old software can cost you if it isn't secure. The good news is that most software patches are free to download, so be sure you're taking this crucial step toward securing your customer data.

Remember, your Cyber Liability Insurance can pay for many of these expenses, including the PR campaigns and customer outreach programs.

70% of businesses raise prices or cut hiring when sued