Steps to take if your business experiences a data or security breach

Data breaches are becoming more and more common as hackers get more sophisticated. Your business can be exposed to a breach through a vendor or organization. For example, according to the Washington Policy Center, the Washington State Department of Licensing data breach in January exposed the data of 650,000 former and current business owners. You may also experience hackers taking personal information from your server, or succeeding at phishing or spoofing attempts.

“It’s not a matter of if, it’s a matter of when it will happen,” said Angela Anderson, Coastal Community Bank SVP, Information Security Officer. Anderson oversees the Bank’s Information Security and Fraud Investigation teams and is seeing more fraud attempts, which are happening throughout the financial industry.

“We’re seeing and hearing about more fraud and security breaches for small businesses than we are for larger businesses, mostly because they don’t have the same level of resources to invest in systems and policies to protect them,” she said. “However, regardless of your preparedness, every person and business is at risk of being hacked through their personal or business accounts or through the vendors or organizations they do business with that are equally at risk for hacking and breaches.” She warns, “This isn’t going to stop. It will continue to worsen as hackers develop new skills and tactics.”

Anderson has counseled area businesses after they experience a data or security breach and advises businesses should take a few important steps after they learn of an incident. Although every breach is different, she said these steps may help your business after exposure.

Secure Your Operations: To prevent multiple breaches, secure physical and data sources related to the breach. Change access codes, credentials, and passwords and stop additional data loss by taking all affected equipment offline so you can assess the scope and source of the breach.

Investigate the breach: Find out how it happened and what information was accessed or stolen.

Fix Vulnerabilities: Review service provider and vendor access and review access privileges. Review your network. Is it segmented so that a breach on one server cannot be extended to another server or site? If your business outsources your storage and network, talk to your provider.

Communicate: Assess who needs to receive communication or be notified about the incident and who’s affected, i.e., employees, customers, investors, vendors, business partners, other stakeholders, your legal team, and law enforcement. When planning your communications, include key details that might help those at risk protect themselves and their information. Avoid publicly sharing information that might put affected parties at further risk. Keep communication lines open. Be transparent with your employees and customers about what happened and what you are doing to fix the problem.

Plan for the next one: After experiencing a data breach, protect your business from the next one. Train employees on what to look for, review all systems, set up alerts, change passwords regularly, set up 2-factor authentication, and monitor financial accounts.

“After you’ve experienced a breach or your business has experienced security risk, set up the systems to protect your business from future attacks or breaches because your business will always be a target,” Anderson said. She advises businesses to refer to the Federal Trade Commission website for resources and guides to help respond to and protect their business and customers from attacks.

Angela Anderson is the Information Security Officer at Coastal Community Bank. For more information, please contact a banker at one of Coastal’s 14 local branches. www.coastalbank.com Member FDIC. Equal Housing Lender.