By Mihir Korke, is the Head of Acquisition at Clover
Most small to medium-sized businesses (SMBs) don’t believe data breaches can ever happen to them. Yet approximately 67% of SMBs fall victim to cyberattacks every year.1 An estimated 60% end up going out of business within six months after a security breach.2
Recognizing this risk is the first step towards a better defense. However, small businesses must also design and deploy security roadmaps to help them get back on track during and after a breach. This resource breaks down five key elements that are essential for any SMB info security (infosec) strategy.
Design an action plan (in advance)
Data breaches are chaotic and complex. As a result, SMBs can’t afford to design responses on the fly. What happens if critical systems go down or essential personnel are out of the office?
Planning is critical for reducing confusion in the wake of a cyberattack. Thorough preparation also helps minimize the long-term impact of data breaches. As part of this planning phase, it’s important to identify who is in charge of your response team – complete with clearly defined roles and responsibilities.
The next step involves outlining your priorities during the crisis, whether this means:
- Protecting or recovering sensitive data
- Maintaining critical access and operational continuity
- Verifying recovery time objectives (RTOs) are met
Be sure your current security, storage, and backup solutions are up to the task. Test them regularly for potential weak points. You should also speak with your security provider for advice regarding incident response (IR) and disaster planning. If you don’t have one, look for a reputable third party that specializes in cybersecurity and disaster recovery.
Create a preliminary damage report
When a data breach occurs, you need to understand the extent of the damage as quickly as possible. Note that this preliminary analysis will probably not capture the whole picture. That said, it’s important to identify what happened, whether any data was compromised, and how you can fix the problem.
Thereafter, report the incident to local authorities. It’s also a good idea to bring in relevant third parties that can help study or mitigate the damage.
- If payment data was stolen, you would want to share this information with your payment processor and bank
- If the breach targeted your customer relationship management (CRM) suite, notify the software developer ASAP
You won’t have all the answers right away, but speed is essential at this stage. That’s because you need to share your findings as quickly as possible with those who are most affected by the breach.
Communicate with data breach victims
Many companies are reluctant to share the scope of a detected cyberattack, with some never reporting that a data breach happened. However, leaving stakeholders in the dark is usually a strategy that backfires. The truth will eventually surface. Any relationships you’ve built with customers, vendors, suppliers, and other impacted groups will suffer once they discover what happened.
The best bet is to assign designated staff members to handle communications. More specifically, this team should be able to share:
- How the cyberattack most likely happened
- The scope and severity of the damage
- Who might be impacted (and how)
- What steps your organization is taking to resolve the issue
- Specific guidance on how users can protect themselves moving forward
This isn’t an easy task, but hiding crucial information will only erode consumer confidence in your organization. Moreover, there may also be legal ramifications for withholding this type of information from the public.3 Transparency with customers and clients offers the best path toward reputation recovery.
Find (and fix) failure points
The next step involves analyzing how hackers breached your network. From phishing emails to ransomware to fileless attacks to persistent backdoors, finding the first point of compromise lets your security team create effective countermeasures and prevent copycat breaches.
If yours is like most small businesses, you likely lack the in-house resources to do the above from scratch – further highlighting the importance of working with a cybersecurity specialist.
There are a few simple actions you can take right away, including:
- Changing all passwords for any servers, computers, smart devices, or online accounts used to run your business
- Requiring two-factor authentication – for employees and customers
- Updating your IT infrastructure with the latest operating systems, patches, and anti-virus protection. Cybercriminals often target known vulnerabilities in outdated software
Make the victims ‘whole’ again
Last but not least, clearly communicate what steps you’ve taken to resolve the data breach – including how you plan on compensating those who have been most affected. Again, this is not a pleasant task. According to a 2019 consumer survey, 81% said they would stop engaging with brands online after a breach.4
Whether you offer giveaways, discounts, or free credit monitoring is up to you. Just remember that the more transparent and helpful you are, the greater your chances of retaining customers.
There’s no easy road to recovery after a security or data breach. As a small business owner, however, it is possible to mitigate the impact of attacks by prioritizing infosec plans, delivering consistent communication, finding key failure points, and taking immediate action.
Author Bio: By Mihir Korke, is the Head of Acquisition at Clover. As a leader in small business credit card processing and POS systems, Clover specializes in restaurant, retail, and personal and professional service payment solutions. With desktop and mobile POS systems, contactless payments, solutions for curbside pickup and online ordering, loyalty and rewards, Clover has multiple solutions to meet your business’s needs.
This is a sponsored Feature