Data breach is the exposure of sensitive customer information due to hacking, theft or the accidental release of data. Business owners are expected to be custodians of customer information and have a reasonable expectation to protect their customers’ data. A data breach is impactful for all businesses, but it can be devastating for a small business without the resources of a larger corporation. In this four-part blog series, we share what business owners need to know to diminish the possibility of a data breach and its destructive impact if one is experienced.

In the case of a possible data breach, a business owner should follow these steps:

1. Immediately contact the financial institution that processes their payments. They will begin to guide the process.

2. Notify the insurance carrier or agent. The sooner they’re involved, the better from a liability standpoint.

3. Develop clear communication with affected customers. While it may not technically be required at this point (laws in some states differ in this regard; consult local authorities for guidance), the best practice in general is to be open and honest. In the long run, customers will value honesty even if it is likely to be embarrassing in the short term. Reputational harm can do irreparable damage to a business. The more that can be done to put customers at ease, the better. Clear communication of the situation will help convince customers that the business is not a risky place to shop, eat, etc.

4. Make sure any services offered to customers fit the nature of the exposed data. If only debit or credit card information is exposed without a Social Security number, credit monitoring is not necessary – a new credit line cannot be opened via an exposed credit card alone. Simply counsel customers to keep an eye on their own accounts. The affected institution will likely issue a new card. If Social Security numbers are exposed, don’t just offer one year of free credit monitoring – after all, Social Security numbers don’t expire and could be exploited at any time.

Next week in part 4 of this Data Breach Series, we will look at the wildly expensive costs associated with a data breach, and the protections to consider when considering a data breach policy – subscribe for email alerts.

Excerpts were taken from the following sources. For more valuable information on data breach: