How to begin handling a data breach
November 21, 2014

Retailers have become more wary of how they handle cardholder data in the past year. There's good reason: After Target suffered a massive data breach in late 2013, its sales took a massive hit that it has yet to recover from. Home Depot is suffering from a similar situation, with news spreading that the attacks on its card data turned out to be much larger than anticipated. Some smaller stores may think themselves safe because they're not a big enough target to be worth the hacking, or have integrated payments systems. But that sort of thinking often ends up with them having to recover from their own servers being compromised. In the event that a merchant suffers from a security breach, a plan of action must be established to minimize the fallout.

Treating it like a crime scene
The first thing a company should do when a data breach has been confirmed is to keep the power running at all costs. The Electronic Transactions Association says that stores have a tendency to defensively cut power, but that is a mistake because evidence needs to be gathered to help determine what hackers got into. It's more helpful to simply isolate the compromised computers from the rest of the network by unplugging Ethernet cables or disabling Wi-Fi, followed by leaving it completely untouched while investigations are carried out.

During this time, a store should be able to figure out what exactly got compromised in the first place. InformationWeek notes that a lot of retail businesses tend to underestimate the amount of data they actually have until a breach happens. Because of this, there may be a greater risk of hacking if other employees are able to access anything. While everything is being investigated, it's wise to limit employee access until the situation is cleared up, especially if there is a reason to believe that an employee's account was the way to get into anything.

Next, retailers should make it a point to make someone leader of the response effort. It should likely be another store manager or administrative official who can effectively communicate with consumers, investigators and employees. While a plan is being a developed, this person should be kept aware of the situation so that he or she can convey some message to the rest when facing inquiries. In addition, they should be expected to enact the plan once it is finalized. Once all these steps are in place, a full-scale investigation on the data breach can commence.

Nexus: G-WEBCD3