A data breach is a cyberattack that steals sensitive information. Typically, attackers gain entry into an organization’s system through malware and other malicious software that targets specific vulnerabilities. They can find such vulnerabilities in a variety of ways, including email attachments, infected thumb drives, or by downloading them from an external website. Once in, they can encrypt files and block all access to a computer system until a hefty ransom is paid.
To protect against such attacks, companies must develop a strong security posture and a comprehensive risk management strategy. They must also be prepared to respond to a data breach when it occurs by quickly taking steps to limit damage.
Identify the type and amount of personal information exposed. Determine how the data breach occurred and who was responsible. Document your investigation.
Determine what needs to be done to address the breach and protect affected individuals, including remediation and support measures. If compromised data relates to financial accounts, alert banks so they can monitor customer activity. Similarly, if Social Security numbers were stolen, notify credit bureaus to help victims.
Create a communications plan for the public and affected customers, investors, and business partners. Avoid releasing misleading information, and provide factual answers to questions from consumers. The best way to minimize consumer frustration is to anticipate the most common questions and answer them in advance. This will save time and resources in the long run. In addition, be sure to communicate with law enforcement so they can investigate and prosecute perpetrators as soon as possible.