Implications of Internal Data Theft for Small and Medium Enterprises (SMEs). Part 2: The first couple of days
Lance Morris
Managing Director US Global Tax | Eliminating the fear and the stress people face with their US tax obligations
The moment you discover an internal data theft is shocking on every level. It WILL hit you hard.
The betrayal and breach of trust personally and with respect to clients is shocking.
The impact on you and your business will be massive. International research indicates that sixty percent of businesses that suffer a data theft do not survive more than six months. BE IN THE FORTY PERCENT.
While this is a given, the potential impact on clients may also be huge and this must be your highest immediate priority.
There are a number of critical things you need to do immediately.
First: calm down, think with clarity and develop a plan or preferably have a set of protocols already in place for an event of this nature.
For me, I spent the first couple of days trying to prove to myself that it didn’t happen as I couldn’t quite believe it. Don’t Do This! Look At The Facts and Act Quickly.
Be decisive, transparent and act with integrity.
Ensure you have sufficient facts to confirm the data theft. You should have systems in place to enable you to do this quickly.
Document everything.
If possible, determine who has committed the alleged act and what data has been taken and why. This will help determine the level of risk to the clients and to your business.
Was the theft simply malevolent, for the personal use of the perpetrators, or for sale to, or use by, scammers? The implications of each are significantly different for you and, more importantly, for your clients.
If you are uncertain you must act on the assumption that the data theft has happened, assume the worst-case scenario and ensure that clients are informed and protected as much as possible.
Engage third party professionals to undertake forensic analysis of what has occurred. This will provide the best information and evidence to make decisions and assist with any legal action taken at a later stage.
Notify the clients affected as soon as possible, providing them with enough information to enable them to make decisions on the level of risk and how to protect themselves.
Notify the authorities as soon as possible. In New Zealand this is the Office of the Privacy Commissioner. They will investigate and likely require that you notify the victims (clients) anyway. They will appreciate it if you have already done so.
My experience with the team at the privacy commission is that they are pragmatic and reasonable as long as you are acting in good faith.
Inform your staff, outlining what has happened and the strategies you have in place to ensure the prosperity and security of the business.
The staff will be unsettled and worried. Enlist their support and help. My experience is that if you do so the team will actually be amazing. People always seem to excel during times of adversity.
In general, there is no good outcome for you and your business, although with the right attitude and focus this can be the catalyst for positive change and ultimate growth, effectively a renewed beginning.
You can only control how you react and the actions you take. Respond with transparency, honesty and integrity. It will be a very long and gruelling process to recovery if you survive, but ultimately it is worth it.
Front foot the problem and be part of the solution. Remember challenges are why you are in business. This is just another one of those.
I’m trying to keep each post simple and short. Please don’t underestimate the scale and complexity of problems you will face in these circumstances.
If you are facing this now, please feel free to reach out. I’m happy to listen and share.
In the next article I will discuss the implications on the business and strategies to minimise the damage and ultimately create a better, stronger and more focused future.
If you have questions, would like to contribute your own opinions and experience, or would simply like to discuss the points raised here, please feel free to reach out to me.
PM me or email and [email protected]
As always, thank you for your time and have an amazing 2024 and beyond.