Handling an Office Data Breach
Whether you have most of your data stored digitally or you maintain paper files, a data breach can always occur. As much as you might try to safeguard your information, it could still occur, and it’s important to know what will happen if it does. If you find that you’ve been hacked or if someone broke into your paper archives, there are several steps you should take to manage the situation.
Secure Your Data
The first step is to secure your operations to prevent further data loss. This will involve various measures, including:
- Lockdown and change access codes to physical storage areas
- Take equipment offline
- Update credentials and passwords
- Take down information from websites that may have led to the breach
- Preserve evidence—don’t shut down your system, delete files, etc.
These steps need to be taken as quickly as possible, i.e. as soon as you find out about the breach.
Determine the Problem
Once you have your system on lockdown, put together a team of experts to determine the problem. IT personnel and other employees can help, but professional forensic investigators would probably be ideal, especially if you don’t know how the breach occurred. They can collect evidence from your computer systems and affected areas and determine what went wrong.
Once they find what happened, you’ll also want to calculate the total damages since this will be important when you notify law enforcement and legal counsel.
The next step is to research who you need to notify. If client data was lost, for instance, then you’ll need to notify them. Additional parties you may need to reach out to include:
- Online users
- Other businesses affected by the breach
- Law enforcement
- Legal counsel
- The media (in some cases)
- The Federal Trade Commission
- Health and Human Services (if health information was lost)
Communications made to your clients and affected businesses should outline what information was compromised and what steps they should take to protect themselves.
The final step is to take measures to prevent further breaches. This can include document digitization, updating security and access control protocols, and using offsite document storage services such as Armstrong Archives. These methods are well worth the cost to implement as they will spare you further data breaches in the future.