Data breaches are becoming more common as hackers become more sophisticated. Your business may be affected by a security breach at a vendor or organization you work with. For example, in January, the Washington State Department of Licensing disclosed the data of 650,000 former and current business owners, according to the Washington Policy Center. You may also find hackers stealing personal information from your own server or attempting phishing or spoofing.
“It’s not a question of if, it’s when it’s going to happen,” said Angela Anderson, SVP, information security officer for Coastal Community Bank. Anderson oversees the bank’s information security and fraud investigation teams and sees more fraud attempts happening across the financial industry.
“We see and hear about more fraud and security breaches in small businesses than larger companies, largely because they don’t have the same level of resources to invest in systems and policies to protect them,” she said. “However, regardless of your preparation, every person and business is at risk of being hacked through their personal or business accounts, or through the vendors or organizations they do business with, which are equally at risk of hacking and security.” She warns: “This will not stop. It will continue to get worse as hackers develop new skills and tactics.”
Anderson has advised businesses in the region after they experienced a data or security breach, and she recommends taking some important steps after learning of an incident. Though every breach is different, she said these steps can help your business once a breach is discovered.
Secure your business: To prevent further breaches, secure the physical and data sources associated with the breach. Change access codes, credentials and passwords, and prevent additional data loss by taking all affected devices offline so you can assess the scope and source of the breach.
Investigate the breach: Find out how it happened and what information was accessed or stolen.
Fix vulnerabilities: Check service provider and supplier access and verify access rights. Check your network. Is it segmented so that a breach on one server cannot propagate to another server or location? If your company outsources its storage and network, talk to your provider.
Communicate: Assess who needs to be notified of the incident and who will be impacted, i.e., employees, customers, investors, vendors, business partners, other stakeholders, your legal department and law enforcement. When planning your communications, include important details that can help vulnerable individuals protect themselves and their information. Avoid publicly disclosing information that could put affected parties at further risk. Keep communication lines open. Be transparent with your employees and customers about what happened and what you are doing to fix the problem.
Plan for the next: After one data breach, protect your business from the next. Train employees on what to look out for, audit all systems, set up alerts, change passwords regularly, set up two-factor authentication and monitor financial accounts.
“After you’ve experienced a breach or your business has been exposed to a security risk, put the systems in place to protect your business from future attacks or security breaches because your business will always be a target,” Anderson said. She advises businesses to check the Federal Trade Commission’s website for resources and guides to help respond to attacks and protect their business and customers from attacks.
Angela Anderson is Information Security Officer at Coastal Community Bank. For more information please contact a banker in one of Coastal’s 14 local branches. www.coastalbank.com. Member FDIC. Equal Housing Lender.