The Beer Store has been around for almost a century with origins dating back to 1927. It’s one of the largest beer distributors in Canada serving customers more than 800 beer brands, in over 450 retail stores, from 200 brewers around the world. And as the business entered Q2 of 2020, they were struggling to respond to a data breach where ransomware was deployed by hackers on their corporate computer system.
Some of The Beer Stores’ retail locations are still only accepting cash, and their online ordering system has been unavailable for over two weeks. This comes at a time when alcohol sales have seen a 500%+ increase due to governmental stay-at-home orders. It has left brewery partners frustrated, customers and staff worried about handling cash, and experts puzzled as to why it has taken so long to fix the problem. What can your business do to avoid this scenario?
What To Do If My Business Gets Hacked
When a potential data breach is identified, time is the enemy. Quickly responding can exponentially help organizations that have been placed in a compromised position. Here are the steps that a business should take to respond to a data breach:
- Execute your organization’s data breach response plan
- If your business doesn’t have an established data breach response plan, immediately contact an Incident Response expert
The first step isn’t helpful if organizations are behind the eightball and in the middle of a data breach. The best thing to do in this scenario is to not panic. To be proactive and strengthen your business, it is important to develop a plan if a data breach occurs.
How To Create A Data Breach Plan
Establish a Data Breach Response Team
Assemble a group of stakeholders from across the business to help reduce the organization’s risk. Identify the data breach response team and empower them to develop and execute a sound plan.
Train The Team
With a growing list of resources that are readily available, provide the team with training and tools to assemble the best plan for the organization. The legal and regulatory elements of a data breach response including notification requirements to clients and vendors need to be in the team’s knowledge base. Record training elements and resources as evidence that the organization has acted in their best interest.
Write and publish a data breach plan and establish an open line of communication between the response team.
Plan ahead by having master service agreements in place with key vendors, (breach response notification specialists, call centers, credit reporting agencies, etc.). It is a critical step to reducing frantic actions if an incident response is necessary. Indemnification language is important to establish in advance and not during a data breach.
Practice doesn’t make perfect, it makes permanent. Errors made during a breach response can be extremely costly, so conducting tabletop exercises twice a year on data breach scenarios is a good standard.
How to Get Ahead of a Data Breach
Like with any other business contingency plan, thinking about and preparing for incidences before they happen are key. Time is a key element during a data breach. The time invested prior to an incident will pay dividends for organizations when they experience a data breach. Producing a plan is attainable for businesses large and small. Leverage the wealth of resources available to mitigate the risk of when, not if, a data breach impacts your organization.
While Fortune 500 companies have the internal knowledge base and headcount to develop comprehensive data breach plans, medium and small businesses don’t always have the resources to do this on their own. If your organization needs help in establishing a data breach respond or evaluating your current plan, we can help.
Schedule A Data Breach Plan Consultation
Our incident response experts have successfully navigated data breaches for small businesses and Fortune 500 organizations. With no strings attached, they will review and/or help develop a plan for your business.
Part of this story originally appeared in The Star.