Data loss is no joke, no matter how limited the access to your systems may have been. When facing a potential demise because important information has been lost to the ether or is being used by malicious individuals for their personal gain, you may become so distressed that you make terrible decisions based on emotion rather than logic.
If a large corporation like Sony can get it wrong when handling a hack, just think what it would do to your business. Imagine you were Hello Games and lost almost everything to a flood: what are you going to do when your data drowns with the hardware? Here’s what not to do (and what needs to be done in its place).
Do Not: Skimp On Recovery/Backup
Sure, it’s great that we have so many tools for doing backups and data recovery, but it’s very likely that you’re only thinking about this because it’s the topic of the post. Like insurance, it’s something you take for granted until disaster strikes. I bet the last time you were told to do a backup was only after someone had taken a loss.
What may happen is that you put these programs to work to begin recovering data, but since you may be inexperienced, you’re not able to recover it all. You figure you have a few older backups, so that should take care of any missing parts, but now your data is segmented. What if there were orders that hadn’t been fulfilled, or very personal information that needed to be retained?
What to do: Don’t skimp on professional data recovery services. Find professionals in your area (in my case I’d do a search and review the options for a data recovery company in Ontario) and have them come out as soon as possible so that no further damage is done and you can get back into action.
Do Not: Keep Quiet
Transparency is key when it comes to a data breach because it’s the morally right thing to do: your users need to know what has happened, what to do next, and how it is going to be addressed.
Treat users the way you’d like to be treated: keep them informed.
The worst thing you can do is keep the event under wraps, even if you’ve already addressed the problem. A company that doesn’t disclose breaches is straining the trust it has with its users; the sooner they learn of the intrusion, the earlier you can begin damage control. It’s very hard to win back people’s trust if they find out months later that their data was compromised, because they were never told whether more of their info may have been accessed since the initial attack.
What To Do: Immediately send an email and post to social media about the event, detail how the situation is being handled, remind people of customer service contacts, and begin a new, transparent policy so these situations won’t happen again.
Do Not: Continue To Operate On Old Policies
Okay, great, the problem has been patched and you’re back to normalcy. You’ve updated the plugins, changed passwords, and set up your data recovery, but what’s missing in this situation?
Far too many individuals go back to old habits when it comes to their cyber security. They allow their firewalls, virus protection, and (overall) policies to lapse, which creates new opportunities for people to breach the data, or they let neglect set in, which could result in data loss from in-house. These people don’t understand how wide a breach could be (it may have happened to the business, but do you know if the attacker also gained access to personal accounts of the employees?).
What to do: Continually monitor your network and develop a better security protocol and policy so that systems and personal information are consistently updated. Teach yourself and employees about security best practices. Bring in security firms to conduct penetration testing. Set backups that benefit from fault tolerance and only retain data that you truly need to keep.
Have you ever been the victim of a data breach or experienced a massive loss of data? What did you do to alleviate the situation? Share your experience with a comment below.