A data breach is one of the worst things that can happen to a business or its customers. When criminals gain unauthorized access to financial information or other personal data, they can steal identities and rack up thousands of dollars in fraudulent charges.
As a customer, you may be covered by liability protection from your credit card issuer or bank, so you may not be held personally responsible for financial damages.
As a merchant, the fallout from a business data breach can be crippling, once you factor in the possibilities of:
Yet, how do data breaches even happen? What steps can you take to help protect yourself? Is it possible to recover once a breach occurs?
Data breaches happen quite frequently given how interconnected our world is today. Since 2016, over 1,000 data breaches have occurred each year in the United States alone.[1] Every computer, cellular device, networked system, and unsecured Wi-Fi connection represents a potential point of entry for a would-be thief. The problem will only continue — especially as we migrate more of our personal and financial lives online.
Unfortunately, businesses can be unaware of how vulnerable they really are. Some companies do understand the landscape, but may not have the resources or the technology required to help prevent the criminals from infiltrating their systems.
Here are some steps you can take to help reduce the risk of a data breach, including:
However, we also recommend shoring up your payment environment — since financial data is what thieves are after most often.
Some of the more effective approaches include:
Some of these security methods may also be used to help safeguard nonfinancial data like email addresses, Social Security numbers, and even patient records.
However, no preventative measures can ensure 100 percent protection. They can only help make your business’s data more difficult to access.
What should you do if you become a data breach victim?
Some companies may not announce that their systems were breached — or they fail to share details in a timely manner.
This lack of transparency only makes the problem worse. All affected parties will learn about the data breach eventually. What’s more, by not alerting the victims as soon as possible, you’re giving criminals more time to do more damage.
One of the most important steps involves alerting everyone as soon as possible, including customers, payment processors, banks, employees, vendors, and even credit bureaus and the authorities.
The next step involves taking your systems offline, changing all passwords, and restricting employee access on a need-to-know basis. It may already be too late to stop some of the damage, but there’s no reason to leave potential vulnerabilities exposed.
Thereafter, you’ll want to bring in a security expert to help measure the full extent of the damage. This process involves conducting detailed sweeps of all affected devices, systems, and networks. True recovery can’t begin until any latent malware has been identified and removed — and finally, you can start rebuilding.
This is a slow process that involves educating employees, customers, and vendors about what happened — and why. You also need a plan of attack to help ensure that no such data breach ever happens again.
The recovery process isn’t a pleasant experience, which is why we recommend investing the requisite time and effort to help prevent and minimize the risk of data breaches.
[1] “Annual number of data breaches and exposed records in the United States from 2005 to 2020,” Statista, 3 March 2021.