What to do when your small business is hacked


The bad news?  Your small business was hacked.  The good news?  It does not have to immobilize your operation or hinder your growth moving forward.  Unfortunately, cyber-criminals are targeting small business more and more.  The website smallbiztrends.com estimates that cyber attached targeting small businesses are up 43% since 2011, while other sites say that number is closer to 300%.  There may be many reasons for this increase, but mostly because small businesses are less prepared, do not have the infrastructure, and do not have a plan in place in the event that there is a breach.  Follow these steps to make sure that you are prepared if this happens to your business.

Investigate:  To effectively respond to a breach, get a full picture of what happened, including how the hackers got in, which computer/ accounts were compromised, and what data was accessed or stolen.  This part can be costly because you will most likely need to involve security consultants or a security software company.  It may also become necessary to contact your local, county, state, computer crimes unit and the FBI, which can provide valuable guidance.

Seek legal advice: After you speak with the police and your IT consultants, you may need to contact an experience attorney.  For instance, was the personal information of your employees or customers compromised?  You likely have a legal obligation to notify them.  An attorney can also be helpful when trying to work with financial institution, if your bank or credit accounts were hacked.  Unfortunately, the laws protecting commercial accounts are not as stringent as those protecting personal accounts.

Eliminate the problem:  Once you have located the problem and started to rebuild, you want to make sure you limit and prevent the damage.  You may need to take disruptive and costly steps, such as removing infected computers or shutting down your website while you clean up your server network.  Depending on how and where the breach occurred, you will still want to reset passwords, secure your accounts and either restore or replace computers.

Use the ‘Cloud’ carefully:  Using cloud based technology is the new trend in small business management.  It is fast, convenient, and allows you to work from anywhere.  The problem is, though, no matter which way you cut it, data stored on the cloud doesn’t belong to you.  There are very few cloud storage solutions that offer encryption for data while being stored.  Be wary when using the cloud.  A good rule of thumb is it is sensitive or important, don’t use the cloud.

Rebuild:  You, obviously, want to make sure you do everything you can to prevent any future attacks.  Keep your software up to date.  Make sure your anti-virus and malware programs or up to date and working as well.  It may also be worth future headaches to designate one computer for financial transactions and no other web activity.  Training your employees to practice smart surfing and emailing – because phishing scams still exist!

Continually Revisit and Reevaluate your Security Plan:  Make sure your defenses are running properly and that data is backed up securely.  Your IT manager, even if that is you, should consider setting up an activity log on all devises to track usage, so future problems can be investigated more easily.  Your plan includes how to restore normal business processes, so be sure to update your plan as you update your processes and add employees.  Finally, considering a cyber-insurance policy may be work the investment, if you don’t already have one.

Smaller companies can be attractive because they tend to have weaker online security or don’t have a plan in place to regain control of their network and accounts.  It is a tempting option to bury your head in the sand in the short term, in order to save money.  However, the cost of hacking can range from minor inconvenience and reputation damage, to loss of customer financial data and hefty fines.  Make sure you are protected by following these steps.  You worked hard to build your small business, make sure a cyber-criminal can’t take your hard work away from you.