
8 steps to take if your organization is hacked

Do you know what to do if your organization is hacked? We walk you through 8 steps you need to take to protect your business, clients, and customers. For even more cyber safety tips, check out aicpa.org/cybersecurity.

Published in: Technology

  1. Contact your insurance carrier or advisor. If you have cyber insurance, the first thing you should do is contact your carrier. They can provide you with resources to help you through the next 7 steps. If you don’t have a cyber policy in place, you’ll still want to read on – but seriously consider investing in one!
  2. Identify breach details. You need to determine the extent and scope of the hack or breach. Consider working with a forensics expert to identify how long ago the breach occurred, how it occurred and what data has been exposed.
  3. Consult with legal experts and regulators. Once you know what data has (or potentially has) been exposed and to what extent, your legal team can help you navigate your obligations. Keep in mind that the law that will apply is that of the state where an impacted individual resides – and each state has differing requirements for regulatory agency notification, impacted party notification and credit monitoring.
  4. Notify parties and monitor credit as necessary. State laws differ on who you’ll need to notify and how quickly, but be prepared to do so. You’ll need to mail notifications and either hire a call center or establish one within your existing staff. And whether mandatory or voluntary, you’ll likely obtain a credit monitoring provider. Even if not required by law, doing so could help reduce loss of clients or harm to a business’s reputation.
  5. Take steps toward remediation. What caused the breach in the first place? If it was human error, additional training may be required of your staff. Regular training is one of the best prevention methods. If it was a systems issue, you may need to hire IT consultants to help you secure your current system or install upgrades in security software.
  6. Restore data. IT consultants will need to help you restore whatever data was lost or stolen. The longer it’s been since your last data backup, the more tedious this task could be. That’s why your organization should always back up data on a regular basis.
  7. Manage public relations. Depending on the extent of a breach, you may need to hire a public relations firm. Getting in front of a situation as quickly as possible can help mitigate reputational harm and lost business. Experienced PR professionals can help get your message out promptly and effectively.
  8. Involve law enforcement. Contact your local FBI office directly or go through an attorney who specializes in data breaches. The FBI can describe the current cyber threat landscape and provide an understanding of how they’re able to assist in the event of a data breach.

For more information on cyber best practices, visit aicpa.org/cybersecurity. This information has been adapted from the document “HACKED! Building defenses against and responses to intrusion,” a publication by the American Institute of CPAs.
