Running a business in the digital era has introduced new tools, technology and marketing strategies that were not even possible 50 or 100 years ago. One of the basic requirements for today’s businesses is to have an online presence. That could be a page on social media platforms, a website or just some contact information on digital directories.
Your online presence is key to reaching more clients and growing your business. Your clients might contact you in many ways: creating an account on your website, sending you messages on social media platforms, emailing you, or signing up to your newsletter. Through these processes, they trust you with their personal data, such as their names, email addresses, telephone numbers, or even their credit card details. This sensitive data could be stored in your website database, your mailbox or on your company premises. Your clients expect you to treat their data with the utmost caution and to take all necessary measures to keep it protected.
The question is: what if your business gets hacked in one way or another and your clients’ personal data is compromised?
What is my responsibility if my clients’ data were hacked?
Having your business data hacked is a traumatic experience that everyone wants to avoid. It can cause financial losses, reputational damage and even legal consequences if your clients’ data is exposed.
New legislation and standards such as GDPR and PCI compliance have increased businesses’ responsibilities for potential breaches of their clients’ data. However, the line of liability is not clearly defined, and each case is assessed on its own merits, taking into account the security procedures the company had in place and the steps it has taken since the breach was discovered.
What should I do if my business gets hacked?
With cyberattacks targeting small and medium-sized businesses increasing significantly in the UK, it is important to prepare for the next step should the worst happen. Here’s a breakdown of what you need to do in such a situation:
Contact Your Clients
The first thing you need to do is inform all affected clients that their personal data has been breached. Do this as soon as possible, and within 72 hours of becoming aware of the breach.
- You need to report the breach to the Information Commissioner’s Office (ICO).
- You need to contact your bank immediately and explain the situation so they can stop pending transactions that the hackers might have initiated and monitor your account.
- You also need to contact the police as hacking is a crime that they need to be aware of.
- Contact your solicitor, who will help you speed up the investigation, protect your clients’ interests and reimburse any money that was stolen.
- Finally, review your business’s current insurance policies and contact your insurer.
These actions are crucial to protecting your clients’ interests and minimising the potential losses from the hack.
Set up a Response Plan
It is important to show third parties that you have put everything in place to avoid a breach of your clients’ data, such as having an IT consultant who regularly maps and identifies risk elements in your systems and develops plans to ensure better risk management in your business. It is also an advantage to have an IT Disaster Recovery Plan (DRP) in place to help you recover your data and get your systems back up and running as quickly as possible.
If money was stolen from your account, you need to contact your bank and insurer to discuss the situation and find out how to pay back the stolen money.
Prevent further attacks
It is very important to understand how the hack happened so that a similar one can be prevented in the future. The hack could be due to a security failure, an inadequate risk management system, weak antivirus or firewall protection, or a lack of staff awareness about cybercrime and how to deal with suspicious spam emails and links.
Once you have identified the weak points, work with your IT consultant to develop an effective IT security plan to prevent similar attacks in the future. Remember, it is crucial to update this plan regularly to keep up with rapid developments in technology and the new methods hackers might use to attack your business.
If you have any questions, please don’t hesitate to contact us on 0345 200 1185 or send us an email at firstname.lastname@example.org