Being hacked is every business owner's nightmare, but there are some important steps you should take if you believe you've been hacked.
A Tennessee-based health company announced on Monday that hackers had compromised its system, making off with the personal information of approximately 4.5 million patients. USA Today reports that Community Health Systems was possibly the victim of a Chinese hacking group that used "highly sophisticated malware and technology" to pilfer the data.
If you fear your business has been hacked, here are five first steps you may want to take:
1. Alert Your IT Team.
Whether you have an in-house information technology (IT) team or you've decided to outsource, the first step is to alert your technology professionals to evaluate your hacking situation. It's prudent to consult with an IT professional instead of using your own judgment in this case, especially if you're unaware if you've been hacked or not. A well trained IT pro should be able to determine if you've been hacked, quarantine the affected systems, and eradicate any malware left on your system.
2. Change Your Credentials.
Once your IT team has given you the OK to use your system again, you'll need to change your usernames and passwords. It's important to do this step after all vulnerabilities have been patched up, since existing holes in security will make changing your business' passwords a futile enterprise.
3. Communicate With Your Employees.
Many hacking incidents are made possible by employees who unknowingly click malicious links in their emails, social media, or when browsing the Web. You can run drills or fake "phishing" tests on your employees, but your workers need to be informed of how the company was made vulnerable to hacking and what they can do to prevent it.
4. Contact 3rd-Party Vendors.
Sometimes a vendor may be the weak link in your cybersecurity chain, which was the case with Target's massive breach last year. If you think you've been hacked, a third-party vendor may bear some responsibility. This is especially germane if you've included a cybersecurity clause in your vendor agreements.
5. Inform Clients and Customers.
If customer or client data has been compromised in a hacking attempt, your business needs to inform them of this. USA Today notes that Community Health Systems is working to notify the affected patients, in a network that spans 29 states.
For more detailed advice when you suspect hacking, contact an experienced business attorney near you.
- Community Health Systems says data stolen in cyber attack (Reuters)
- Top 5 Cybersecurity Tips for Small Businesses (FindLaw's Free Enterprise)
- Protect Your Firm From Cyber Attack: Tips to Boost Cyber Security (FindLaw's Technologist)
- Consult with an experienced business attorney about your options (FindLaw)