June 4, 2019
Managing a Security Breach

The best time to manage a security breach is right now, before one happens. Unfortunately, as hackers employ increasingly savvy methods of stealing information, network data breaches are happening more and more frequently to businesses of all types, putting some pretty high-profile companies in the news. A data breach not only has a negative impact on a business’s financials, but can also cause irreparable damage to its brand. Putting preventive measures in place is essential, but so is having an effective plan for how to cope with a data breach if it happens to you.

We’ve Been Hacked! Now What?

Once the horse is already out of the barn, you’re forced into a reactive position. Being proactive is always the better route to take. However, if your systems have been breached, here are some immediate steps to take to help manage the situation and address any backlash or negative press.

The first step is to shut down systems to prevent further damage. You’ll also want to identify exactly where the breach happened. A lot of breaches are traced back to email attachments.

Hackers leave a trail of time stamps and code. Your IT department will be able to identify these and assess the entire system. Note: If you use SSL certificates (which you absolutely should if you retain any type of customer personally identifiable information [PII], and especially financial information such as credit card numbers), you must report the breach to the Certificate Authority.

Managing Public Fallout

The biggest hurdle in getting out in front of a data breach that has already occurred is communication and notification. All 50 states, the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands have now enacted laws that require both private and government entities to notify individuals when a security breach of personally identifiable information has occurred. 

As soon as you’ve discovered that your systems have been hacked into, it’s important that you control the message. Don’t let someone else interpret the story, and certainly don’t EVER try to cover up anything. Always be as transparent as the situation allows. A cover-up will always come back to bite you, and it will make your business appear very untrustworthy. It’s as important to inform your internal teams (IT department, any staff with client contact, PR and marketing department for crisis communications) as it is to broadcast the message externally (email to clients, email to board members or other company stakeholders, an official company press release). Depending on the size of your company or the scope of the breach, you may also want to arrange a press conference with local and/or national media. In this case, it’s best not to attempt to go it alone; let the pros with PR and media relations expertise take the reins.

Basic rules of engagement include:

  1. Accept responsibility if an internal situation or point of failure was the cause of the breach.
  2. Give details and spell out exactly how the breach happened.
  3. Explain the measures that you plan to take to help ensure a similar breach doesn’t happen in the future.
  4. Internally, figure out what you’re going to offer the affected customers (e.g., a discount or a year’s subscription to a credit monitoring service).

How to Help Prevent a Breach

Taking a few simple steps can help to keep the bad guys out of your business. Password security is the easiest one to take. All passwords should be at least 12 characters long and use letters (upper and lowercase), numbers and special characters. IT experts at Georgia Institute of Technology say that a hacker can crack an 8-character password in less than two hours. A 12-character password, on the other hand, would take roughly 17,000 years to crack. It’s also important to prohibit the use of the most commonly used passwords, such as “123456” or “password.”
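
The password rules above, expressed as a check that could run at sign-up or password change. This is an added example, not code from the original article; the denylist entries beyond "123456" and "password", the substitution table and the function names are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article

# Constructed sample denylist; the article names "123456" and "password".
# A real deployment would load a much larger list of common passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

# Character swaps people use to dress up a common password (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def normalize(candidate: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo simple swaps."""
    core = candidate.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def check_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    # A password can satisfy every composition rule and still be a
    # decorated version of a common one, so compare the normalized form too.
    if (candidate.lower() in COMMON_PASSWORDS
            or normalize(candidate) in COMMON_PASSWORDS):
        problems.append("common password")
    return problems


if __name__ == "__main__":
    for sample in ("123456", "P@ssw0rd2019!!", "Tr4il-of-Crumbs!x"):
        print(sample, "->", check_password(sample) or "OK")
```

The second sample is 14 characters long and uses all four character types, yet it is still rejected because it reduces to "password".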

Make sure to have Cyber Liability Insurance Coverage (CLIC). While a CLIC policy won’t protect you from cybercrime, it can protect you from financial or business interruption loss due to a cyber attack. CLIC typically covers the following:

  • The investigation: It’s important to conduct a thorough forensics investigation to discover exactly what happened, how you can repair the damage, and how you can prevent a future reoccurrence. Investigations typically involve not only your internal IT department, but also the services of a third-party security firm, and coordination with local law enforcement and even the FBI if necessary.
  • Business losses: A CLIC policy will often include many of the same items that are covered by your company’s errors and omissions policy (coverage for mistakes due to negligence and other human errors), in addition to financial losses because of network downtime, overall business interruption, data recovery and costs resulting from crisis management consulting.
  • Notification services: This coverage includes sending the mandatory data breach notifications to customers and other affected parties, which, as indicated above, are mandated by law in all U.S. states and territories, as well as paying for credit monitoring for customers whose information was or might have been breached.
  • Lawsuits and extortion: This coverage includes any legal expenses, settlements and regulatory fines that you may incur as a result of the breach. It might also include reimbursement for the costs of cyber extortion, such as money lost as a result of being hit with ransomware.

Taking these steps will help protect you from an attack as well as help you mitigate the potentially negative impact of an IT security accident. When implemented correctly they will also reflect your company in a more positive light, showing that you’re reliable, responsible and transparent.
