How to detect a data breach

Data breaches and cyberattacks are an ever-growing threat that put businesses at risk. Hackers could steal personal information about your employees or customers, pilfer your bank accounts, install spyware on your computers, or shut down your systems and demand a ransom.

A data breach can often go undetected for months, giving cybercriminals plenty of time to wreak havoc with your data, and spy on your activities. Companies take an average of 207 days to detect a data breach, plus 73 more days to contain it, according to a 2020 report by IBM and the Ponemon Institute.

Small businesses are a frequent target of cybercrime, with 47% percent reporting a cyberattack in 2019. These attacks cost an average of $77,000 for small and mid-sized businesses.

A data breach is unauthorized access that exposes confidential and protected information. This could include Social Security numbers, credit card numbers, bank account numbers, health records, and business information, such as your list of clients.

Dealing with a data breach can be time-consuming and expensive. It involves finding a breach, shutting it down, identifying what was stolen, and notifying anyone who was affected. It can cost you a great deal of money in stolen funds, loss of business, and damage to your reputation.

Fortunately, cyber liability insurance can cover most of these costs – even the cost of a PR campaign to help recover your reputation. In the tech industry, this policy is often bundled with errors and omissions insurance in a package called tech E&O.

Even with insurance, it's crucial to have measures in place to try and prevent data breaches from happening. You also want to be able to detect breaches as quickly as possible so you can limit their damage.

Early detection is crucial in fighting external attacks on your network. Fortunately, there are plenty of antivirus, anti-malware, and anti-spyware programs available that can help with data breach detection.

Your security team should install them on every device in your company that’s connected to the Internet or holds data. This includes servers, laptops, tablets, smartphones, smart watches, and copiers that store data.

Consider using software that maintains an activity log, as this makes it much easier to monitor for signs of suspicious activity, spot hacking attempts, and respond before they succeed. These logs should be examined by your cyber team on a regular basis and backed up just like any other company database.

These programs should be set to update automatically and to scan your systems on a daily basis. Many companies have their systems scanned at night when there’s little to no activity.

It’s also important to have your operating systems checked for regular updates as well, and not just on your computers. Failing to update your servers and other hardware can leave your systems vulnerable.

While the right software can help you detect data breaches, it’s still important to take an active approach on cybersecurity and to keep an eye out for these key signs of a data breach:

• Unauthorized password changes or attempts
• Repeated logon failures
• Large data transfers to unrecognized IP addresses
• Frequent discoveries of unauthorized software or viruses within your system
• Servers and computers running slower than usual

Many small businesses may not have the security professionals they need to protect their most sensitive data. That’s why it’s important to have the right security tools in place for real-time threat intelligence.

These automated detection and incident response systems can dramatically improve your information security.

An intrusion detection system (IDS) can monitor your network for signs of hacking and report them to your network administrator. IDS uses antivirus and other anti-hacking programs, along with software that analyzes traffic and data flow.

An intrusion prevention system protects against cyberattacks by watching for certain attack methods. It blocks potential threats and notifies your administrator if it spots unusual activity.

Data loss prevention software, also called data leak prevention software, monitors the transfer of information throughout your network. It can prevent the transmission of certain types of data outside your network, restrict access to certain users, and can help detect data leaks.

Endpoint detection and response, also known as endpoint threat detection and response, is software that analyzes data throughout your network to watch out for threats and notify your network administrator if one is detected.

Employees are often the weakest link in any company’s data security. They might use passwords that are easy to hack, click on a phishing email link, or install unapproved software on a computer.

That’s why employee education is important in both preventing and detecting data breaches. By training your employees to watch out for phishing and other ploys, you gain an extra layer of protection against cybercriminals.

Here are some key things to watch out for in detecting a data leak:

Unexpected declines in quality or production could be the result of employee errors or faulty machinery, but they might also be the result of a cyberattack.

A sudden increase in your electricity use could be a sign of hackers using your systems, especially if it happens at unusual times such as the middle of the night.

Any missed payments or questionable money transfers should be tracked down immediately, as they could be a sign that someone hacked either your own payment system, or that of a customer.

If you’re suddenly being outbid by one of your competitors on a regular basis, it could be a sign that someone hacked into your systems and is using that information to outbid you. If a competitor introduces an identical product or service at the same time, it could be the spontaneity of the marketplace, or it might be the result of someone stealing your data.

While these security solutions can help you prevent a data breach or detect one more quickly, keep in mind that even the most protected networks can be vulnerable to cyberattacks.

Protecting your systems and responding to a data breach requires constant vigilance and training among your team. Any business could be just one phishing email click away from being hacked.

The Federal Communications Commission's Cyberplanner is a tool designed for small businesses to create customized cybersecurity plans.

The Cybersecurity and Infrastructure Security Agency provides information on software vulnerabilities, patches, and malware.

The Federal Trade Commission supplies information on how to reduce your cybersecurity risks, plus videos that could be used for employee training.

The Small Business Administration is a trusted source of information on cyberthreats, malware, viruses, ransomware, and phishing.

The Better Business Bureau provides cybersecurity resources for businesses and consumers.

Have I been pwned? lets you find out if your phone or email has been hacked.