• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

Current price of oil as of July 1, 2026

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

Current price of oil as of July 1, 2026

10 Things You Need to Do If Your Business Gets Hacked

By
Jeremy Quittner
Jeremy Quittner
Down Arrow Button Icon
By
Jeremy Quittner
Jeremy Quittner
Down Arrow Button Icon
September 30, 2016, 2:00 AM ET
Data Center Of T-Systems
Thomas Trutschel Photothek via Getty Images
Add Fortune on Google for similar content.

What’s worse than a massive data breach? Not reporting it.

Yahoo is learning that lesson the hard way. The Internet giant is coming under intense scrutiny for only just revealing that at least 500 million of its user accounts were stolen back in 2014. It now faces multiple class action lawsuits and its sale to Verizon could be in danger.

The lessons learned don’t apply just to big corporations: any small business that collects customer information also has important obligations to its customers. In fact, 47 states and the District of Columbia each have their own data breach laws. (Only Alabama, New Mexico, and South Dakota do not.)

Increasingly, hackers are turning their attention to entrepreneurs. Forty-three percent of hack attacks in 2015 were against small businesses, according to Symantec’s 2016 Internet Security Threat Report. This is a 9% increase compared to 2014.

Here’s what small-business owners are required to do in the event of a data breach:

1. Inform customers immediately: Once you know a breach has occurred, by law you are required to inform customers whose data has been compromised. State laws may vary on how quickly you need to get the word out. Generally speaking, however, “speed is of the essence,” says Thomas Brown, managing director in charge of the cyber-security and investigations practice at Berkeley Research Group. Michael Kaiser, the executive director of the National Cyber Security Alliance, says businesses should inform consumers as quickly as possible, even if they don’t have all the answers. Exceptions may include when an investigation by law enforcement authorities is underway.

2. Send a written notification: You’ll need to send a written notification to every customer, that clearly states a data breach has occurred, when it occurred, and what kind of information was compromised. For example, was it driver’s licenses, credit card numbers, or social security numbers that were stolen? You’ll also need to say what the company is doing to provide a remedy, and what actions customers can take. Remedies may include directing people to a website or a 1-800 number set up by the company, where they can get additional information. You may also want to supply contact information of the three credit monitoring agencies, Equifax, Experian and Transunion, which can put fraud alerts on consumer accounts. In some cases, if the data breach involved more than 500,000 customers or notification costs would exceed $250,000, many state laws allow you to send electronic communication. (California, whose data breach statute is considered the most stringent in the U.S., includes in its law the exact template that businesses need to follow when communicating with customers about a data breach.)

 

3. Know the state laws. Currently the only state to do so, Connecticut recently amended its breach statute requiring businesses to offer a minimum of one year of credit monitoring to consumers affected by a data breach. You’ll need to offer it if you operate in the state.

4. File a notice of breach. If you notify more than 500 customers about a breach, many states will also require you to file a notice with your state attorney general’s office.

5. Comply with your industry’s regulating bodies. Businesses operating in certain industries, such as healthcare and financial services, may have additional notification requirements for example under the Health Insurance Portability and Accountability Act (HIPPA), or through regulating bodies including the Securities and Exchange Commission (SEC) or the Financial Industry Regulatory Authority (FINRA). Among other things, HIPPA stipulates that if a healthcare business experiences a breach involving more than 500 customers, it must notify a prominent media outlet about the incident. The SEC and FINRA also require financial services businesses to contact them about breaches, as well as any state regulating bodies.

Recommended best practices

6. Implement an ‘incident response’ plan. Have an “incident response” plan in place. It should be written and updated at least once a year. It should include the telephone numbers for attorneys, IT forensic experts, and vendors who can help with customer outreach. It should also map out what your computer network looks like, so you can easily identify the potential vulnerabilities. That would include any staff regularly working offsite, cloud service providers, or the networks of any company you may have recently acquired.

7. Call in a forensics team. Once a hack attack occurs, you should bring in cybersecurity experts who can test your network to find out what kind of hack attack occurred and in what part of your network. You should also consider annual testing to find out where your network weaknesses are — through a process called “penetration testing”, where experts closely scrutinize your network for holes that hackers can exploit. That’s particularly important as the nature of cyber threats changes quickly and continuously, security experts said.

Related: Why Small Businesses Think Hillary Clinton Won the Debate

8. Notify local and federal authorities. It’s not a requirement in most instances, but it could be extremely helpful, as the hack attack against your business might be part of a coordinated attack by criminals. “Local police may already be seeing similar kinds of attacks, and collecting evidence against perpetrators,” Kaiser says.

9. Consider cyber insurance. Policies can be purchased from most major insurance carriers for between $5,000 and $10,000 per $1 million in protection, says Mark Greisiger, president of NetDiligence, a cyber risk management firm. Policies will generally cover things like legal and forensic fees, expenses related to customer outreach, costs for providing customer credit monitoring, and court costs related to civil litigation and class actions. Many policies come pre-loaded with access to online portals that let you connect immediately with the experts you’ll need following a breach, Greisiger says.

10. Come up with a contingency plan. Data theft can shut down your business for weeks or months while IT experts work to secure your network again. You’ll need to do serious damage control with your existing customers, and figure out a way to keep sales channels open. That might include having a backup network or reverting to old-fashioned methods of selling, such as taking orders by phone or paper. “You have to get back to operating as quickly as possible,” Kaiser says.

About the Author
By Jeremy Quittner
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

Best private student loans for medical school
Personal Financestudent loans and debt
Best private student loans for medical school
By Joseph HostetlerJuly 2, 2026
2 hours ago
Michael Burry just shorted Caterpillar’s 172% AI rally. One analyst says his bet won’t even matter
Investingstock prices
Michael Burry just shorted Caterpillar’s 172% AI rally. One analyst says his bet won’t even matter
By Marco Quiroz-GutierrezJuly 2, 2026
3 hours ago
Opti-Greens 50 Review (2026): Insights from Hands-On Testing
HealthDietary Supplements
Opti-Greens 50 Review (2026): Insights from Hands-On Testing
By Christina SnyderJuly 2, 2026
3 hours ago
U.S. Treasury Secretary Scott Bessent
EconomyDebt
AI’s $2.2 trillion deficit fix is already half fake, economists say
By Tristan BoveJuly 2, 2026
4 hours ago
s
Personal FinanceSports
The sports economy is unaffordable at the bar, let alone the stadium
By Catherina GioinoJuly 2, 2026
4 hours ago
m
Politicsfraud
Trump fights fraud by freezing funding for New York’s Medicaid Fraud Control Unit
By Ali Swenson, Geoff Mulvihill and The Associated PressJuly 2, 2026
4 hours ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
2 days ago
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
8 days ago
Current price of oil as of July 1, 2026
Personal Finance
Current price of oil as of July 1, 2026
By Joseph HostetlerJuly 1, 2026
1 day ago
Trump got a $78K pension from the Screen Actors Guild in 2025 because he appeared in Home Alone 2 in 1992
Politics
Trump got a $78K pension from the Screen Actors Guild in 2025 because he appeared in Home Alone 2 in 1992
By Sasha RogelbergJuly 1, 2026
1 day ago
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
Success
Today, Emily Blunt is worth $80 million thanks to her Hollywood career—but she actually wanted to be a UN Spanish translator on $80K
By Orianna Rosa RoyleJuly 2, 2026
16 hours ago
CEO of $248 billion cybersecurity company says workers are about to face a ‘Darwinian moment’ thanks to AI: Evolve or get cut
Success
CEO of $248 billion cybersecurity company says workers are about to face a ‘Darwinian moment’ thanks to AI: Evolve or get cut
By Emma BurleighJuly 1, 2026
1 day ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.