No matter how diligent you are about security, there’s always a chance you can get hacked. That’s why you need to put a plan in place now to protect yourself and your clients, so damage is minimized. But what should you do if you find out you’ve been hacked?
First, contact your IT department or provider immediately. The faster IT staff can address the attack — and determine the extent of the data, applications and machines compromised — the better your chances are of preventing much bigger problems. The professionals will go to work on containing the attack and conducting a full scan of your network.
Based on what is discovered, you may be advised to contact the local FBI office and your attorney. Your legal responsibilities depend greatly on the type of data accessed. For example, if medical, financial or other confidential records were stolen or accessed, you are legally responsible for notifying the affected individuals that their data was compromised. Your attorney can best direct you on what you need to do and how to do it.
Alan Edward, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.