Confidential information leaks are terrifying for businesses. They’ve caused clients to take their business elsewhere, employees to lose their jobs, and reputations to be destroyed. In some cases, businesses are even forced to shut down.
If a breach of confidential information happens to you, here are the steps we recommend you take to make the experience as painless as possible:
1. Report the leak
Whether it’s a leakage of company information or client information, your instinct might be to try to reverse the damage and pretend it never happened. Let’s be honest though, the word “unleak” doesn’t exist for a reason. What’s leaked is leaked.
Instead, you should be transparent and inform all relevant parties of the leak as soon as possible after an investigation. Hiding it won’t do anyone any good because it can prolong the mitigation process and lead to an even bigger tragedy.
After its security breach in 2017, Equifax waited almost a month and a half before making the news public. That infuriated many customers, who could have taken action sooner and reduced their risk of becoming victims of identity theft. This had a negative impact on the reputation Equifax worked so hard to build.
2. Temporarily refrain from sharing important information
If you’re unsure about the cause of the information leak, it’s possible that confidential information you share after the leak can be leaked as well. In this situation, it’s best to hold off on sharing information until you understand how the security breach happened and how to prevent it.
In an instance where your business relies on the sharing of information, just make sure you’re more cautious about who has access to critical information and what tools you’re using.
2. Identify the cause of the information leak
It’s difficult to prevent a leak from happening again if you don’t know how it occurred in the first place. While it’s not always easy to identify the cause of a confidential information leak, it’s important to try to find the security vulnerabilities that make your information less secure. A good place to start is to get more high-level employees involved to cut the time required. Think of it as a security breach search party.
Here are a few common security threats that lead to leaked confidential information:
- Phishing scams
- Insecure file sharing tools
- Outdated technology
- Information accidentally shared to the wrong recipients
- Weak or stolen credentials/passwords
- Information theft by employees
- Accidental sharing of confidential information
3. Patch security vulnerabilities
Phishing Scams
A good way to combat phishing scams is to adopt a security culture at your company and provide proper training. Employees should be made aware of the dangers of phishing and how to keep an eye out for it. A good way to catch phishing attempts is to verify the source before responding and/or providing information. Also, don’t open any files that look suspicious.
Insecure File Sharing Tools
Your confidential files are only as secure as the file sharing tools you use. Typical email and cloud sharing services are convenient but don’t offer the encryption you need to share files safely.
Outdated Technology
Using the latest technologies will instantly help you improve your security. Outdated technology is easier to hack because it often doesn’t contain the security updates and features you need to protect yourself from modern-day cyber attacks. As an example, some businesses are still using Windows XP on their computers even though Microsoft officially ended support for the operating system in April of 2014. This leaves their computers and sensitive information vulnerable.
Information Shared to the Wrong Recipients
It’s a good habit to always double-check who you’re sending information to, especially if the information is confidential. This includes checking the main recipient and those who are Cc’d or Bcc’d. One simple, careless mistake and your messages will end up in the wrong inbox.
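The double-check described above can also be automated before a message leaves the outbox. The sketch below is an added example, not part of the original article: the approved domains, the sample message and the function names are all constructed for illustration. It flags every To, Cc and Bcc address outside an approved list and marks the ones that look like a typo of an approved domain.

```python
from difflib import get_close_matches
from email.message import EmailMessage
from email.utils import getaddresses

# Assumption: domains this hypothetical organisation may send confidential mail to.
APPROVED_DOMAINS = ("corp.example", "partner.example")


def check_recipients(msg, approved=APPROVED_DOMAINS):
    """Return (header, address, lookalike_of) for each recipient outside `approved`.

    lookalike_of names the approved domain the address closely resembles
    (a probable typo), or is None for a plainly external domain.
    """
    findings = []
    for header in ("To", "Cc", "Bcc"):
        raw = [str(value) for value in msg.get_all(header, [])]
        for _name, addr in getaddresses(raw):
            domain = addr.rpartition("@")[2].lower()
            if domain in approved:
                continue
            # A near match to an approved domain usually means a mistyped address.
            near = get_close_matches(domain, approved, n=1, cutoff=0.8)
            findings.append((header, addr, near[0] if near else None))
    return findings


def sample_message():
    """Constructed test message with one typo'd and one external recipient."""
    msg = EmailMessage()
    msg["From"] = "alice@corp.example"
    msg["To"] = "Bob <bob@corp.example>, carol@crop.example"
    msg["Cc"] = "dave@partner.example"
    msg["Bcc"] = "erin@mail.example"
    msg["Subject"] = "Contract draft (confidential)"
    msg.set_content("Draft attached.")
    return msg


if __name__ == "__main__":
    for header, addr, near in check_recipients(sample_message()):
        reason = f"looks like a typo of {near}" if near else "external domain"
        print(f"HOLD {header}: {addr} ({reason})")
```

A check like this holds the message for confirmation rather than blocking it, so employees keep their access to information and make the final call themselves.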
Weak or Stolen Credentials/Passwords
It’s good to use a combination of lowercase and uppercase letters, numbers, and symbols in your password to make it more difficult to guess or obtain through brute-force attacks. You can use a tool like How Secure is My Password to estimate how long it’ll take for a computer to crack your password.
Information Theft or Accidental Sharing by Employees
Unfortunately, there’s no way to guarantee that your employees don’t take off with or accidentally share your company’s confidential information. However, the solution is not to restrict your employees’ access to information!
Our president, Tony Abou-Assaleh, wrote in an article last year, “Don’t impose blanket bans on employees – in order to work effectively they do require timely access to data. Blocking access to information may do more harm than good, and is not the solution to prevent future confidential customer information leakage.” He follows up with, “Instead, focus on training employees and giving them the skills and confidence they need to make security decisions. This is more effective in preventing workplace confidentiality violations.”
You should clarify with your employees what information is confidential and the consequences of stealing or sharing it.
4. Own up to the mistake
Since the leakage of confidential information shouldn’t have happened in the first place, you should own up to the mistake.
Due to the incident, some relationships may be broken. However, it’s not always impossible to repair them and it’s worth it to try. Taking responsibility for the damage and issuing an apology to everyone that was affected by the leak is a great place to start. It can be difficult to admit your mistake but you’ll gain respect for doing so.
In this step, it’s also important to clarify the preventative measures you’re going to take to give the affected the peace of mind they deserve.
5. Put it in the past
Once you’ve taken all the possible steps in handling your security breach, it’s time to move on. Instead of dwelling on what happened, learn from this experience and do whatever you can to prevent the leakage of confidential information in the future.
Security breaches are definitely not something any business wants to deal with but if you play your cards right, one day, this might just become a topic that comes up at your dinner table and nothing more.