5 Steps to Take After a Small Business Data Breach

Even with the best security measures in place, data breaches are an all too real possibility for small businesses. What your company does in the wake of a data breach is just as important as the security measures you take to prevent such breaches in the first place.

According to statistics from the Ponemon Institute, “the average consolidated total cost of a data breach grew from $3.8 million to $4 million” in recent years. By taking the right steps after a data breach, companies can minimize the damage to both themselves and their customers.

The question is: Do you know what to do after a small business data breach?

Here are a few steps to take in response to a breach:

Step 1: Identify the Source AND Extent of the Breach

The first thing to do is to identify the source and extent of the breach so that you can address it ASAP. Ideally, you should have intrusion detection and/or prevention systems (IDS and IPS) in place that can automatically log such security events for you.

Using these logs, you can track down the source of the breach, see which files were accessed, and determine what actions the attacker took. This information will be crucial to your next steps.

If you don’t have IDS/IPS for your network, collecting this information will be considerably more time- and labor-intensive for your IT team.

Step 2: Alert Your Breach Task Force and Address the Breach ASAP

You should have a team of IT personnel in your business who are tasked with handling emergencies such as data breaches. Gather this breach task force so they can address the breach as soon as possible.

If you have an IPS solution in place, it may be able to help you proactively address the breach by automatically taking action to prevent unauthorized outside access. However, even with an IPS solution, it’s important to have a team in place to deal with a breach—just in case.

The specific actions you’ll need to take may vary based on the nature of the breach, but one measure that experts recommend is saving a disk image or copy of the affected servers at the time of the breach for legal reasons.
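
One way to take the disk image mentioned above so that it can later be shown to be unaltered (an added example, not part of the original article; the function names, output paths and case ID are hypothetical):

```shell
#!/bin/sh
# Added example (not from the original article). Paths and the case ID are assumptions.

# acquire_image SRC OUT_DIR CASE_ID
# Reads SRC once: tee writes the image while sha256sum hashes the same bytes.
# The written file is then re-hashed to confirm the copy on disk is intact.
acquire_image() {
    src=$1; out_dir=$2; case_id=$3
    img="$out_dir/$case_id.img"
    log="$out_dir/$case_id.custody.txt"

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    mkdir -p "$out_dir" || return 2
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 3; }

    started=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    # A marker file records a dd read error, since plain sh cannot see the
    # exit status of the first command in a pipeline.
    acq_hash=$( { dd if="$src" bs=1M 2>/dev/null || : > "$img.readerr"; } |
        tee "$img" | sha256sum | cut -d' ' -f1 )
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)

    if [ -e "$img.readerr" ] || [ "$acq_hash" != "$img_hash" ]; then
        echo "acquisition failed: read error or hash mismatch" >&2
        return 1
    fi
    chmod 0444 "$img"   # read-only; analysts work on copies of this file
    {
        echo "case_id:  $case_id"
        echo "source:   $src"
        echo "image:    $img"
        echo "sha256:   $img_hash"
        echo "acquired: $started"
        echo "operator: $(id -un)"
        echo "host:     $(uname -n)"
    } > "$log"
    echo "$img_hash"
}

# verify_image IMG CUSTODY_LOG
# Succeeds only if IMG still hashes to the value recorded at acquisition.
verify_image() {
    recorded=$(sed -n 's/^sha256:[[:space:]]*//p' "$2")
    current=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}
```

On a real server, SRC would be the affected disk's block device and OUT_DIR would sit on separate storage. Re-running verify_image before each later use of the image shows it still matches what was captured.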

If an employee account was used in the attack, revoke that account’s privileges immediately, and have other employees change their passwords as well.

Step 3: Test Your Security Fix

Immediately after implementing a short-term security fix to prevent further access to your data, test the fix as thoroughly as you can to make sure the attacker cannot use the same method to attack your company again.

This kind of penetration testing should be repeated for all of your company’s servers/virtual machines to make sure the vulnerability doesn’t exist elsewhere.

Step 4: Inform the Authorities and ALL Affected Customers

Once you have a fix in place and have made sure it will work, contact the authorities and reach out to any customers that may have been affected by the breach. Federal authorities may be able to provide you with crucial instructions for complying with post-breach regulatory standards for your industry.

Reaching out to customers gives them a heads-up that they may need to take measures to protect their identities, such as cancelling credit cards and changing bank account numbers. This may be an inconvenience for them, but it’s better than getting blindsided by identity theft.

When notifying customers, three critical elements of your notification are:

  1. Time. The sooner you can alert customers to a breach, the more time they’ll have to protect themselves from fraud.
  2. Information. Try to include some information about the nature and extent of the breach. If customer information was compromised, inform them of what information was taken.
  3. Thoroughness. It’s important to make sure that all affected parties are notified of the breach. If possible, try using more than one communication channel (email, phone, etc.) to make sure you reach all affected parties.

In your communications with customers, be open and honest about the breach and the risk to your consumers. If necessary, provide some next steps for your customers to take so they can protect themselves.

Step 5: Prepare for Post-Breach Cleanup and Damage Control

A data breach can have severe impacts well after the initial breach has been “resolved.” There is often a loss of consumer confidence after a breach, and restoring the public’s trust in your business can be difficult.


By neutralizing a breach quickly and minimizing the impact of the breach, you CAN reduce the cost of the breach. However, even a small business data breach can be costly, and the road to recovery a long one.

Learn how you can monitor your cyber security threats and make your company safer with WHOA’s Threat Observation Platform today!