But there is some good news. According to the "2016 Global Security Report" by Trustwave, the security company, just 38 percent of international data breaches target ecommerce shops. Traditional brick-and-mortar retail shops are the most targeted: approximately one-third of all data breaches target magnetic stripe data obtained from point-of-sale machines.
It can be hard, however, to discover a data breach. Forty-one percent of global breaches are detected by the victims themselves, while 58 percent of breaches are reported to the victims by regulatory bodies, credit card companies, and banks. This, again, is from the Trustwave report. The median period between a network intrusion and its detection is 168 days for external detection and 15 days for internal detection.
Responding to a Data Breach
What should you do if you, as an ecommerce merchant, find or are advised of a breach? Generally speaking, create a response plan, execute on that plan, and examine your response efforts.
To do so, the first step is to appoint a data breach team leader, a key decision-maker with expertise in infrastructure and security protocols, to work with the company's insurance broker, law enforcement, internal and external public-relations teams, and external legal counsel.
After a team leader is chosen, record the events surrounding the discovery of the breach, such as the date, time, and method of discovery.
After that, neutralize the risk of a further breach by changing locks, passwords, access codes, and physical keys, if needed.
After that, contact law enforcement.
Assessing the Damage
Then analyze the effect of the breach. This involves determining what private and personally identifiable information has been compromised, and identifying the affected people.
Beyond this, assess the likelihood of a future breach and retain outside consultants and professionals to remediate it.
Forty-six states require some type of notification when information has been compromised. Once the risk of litigation has been identified, examine compliance with these requirements. Some states may require attorney general notification or public notification, while some might require private notification.
The company's insurance provider should also be notified, to benefit from a cyber insurance policy, if applicable.
Finally, develop a strategy for reducing the business's risk connected with the breach. Many breached businesses have offered credit-monitoring services or identity-theft-monitoring services to victims of the breach, to decrease the additional risk of loss or injury. Others have offered informational packets or even some kind of compensation to decrease their risk of liability. Each circumstance is different.
If your ecommerce firm is confronting a data breach, contact a lawyer immediately. Otherwise, it's worth reviewing a current PDF guide from the U.S. Federal Trade Commission, "Data Breach Response Guide for Business," which addresses the topic in more detail.
As always, contact a lawyer for a review and analysis of your particular situation.