E-commerce data breach: what to do when it hits the fan (part 1 – security interventions)

Your objective is to proactively respond with appropriate security interventions and communications. What’s the first thing you’d do?

A breach of financial or personal customer data could happen to any business. Not every security breach is devastating, but the more prepared you are to deal with it, the quicker and easier it will be resolved. But it probably seems so unlikely that you haven’t planned for it. It happens to big brands, right?

You need to work out how you’re going to stop the breach or resolve its effects with the help of your systems admin, at the very least.

Pull the plug! Can we pull the plug? Phone the systems admin. Where’s their number? Who’s got their number? Do we have a systems admin? CAN THEY FIX THIS?

We also recommend you consider how you’ll communicate the incident. That deserves a blog post of its own (read on for more details). First, here’s our practical checklist that will stop a hack or minimise its success.

Make appropriate security interventions

1. Check it’s really a hack

One user having an error/issue shouldn’t cause you immediate panic – though your customer might need reassuring. Ask them for full details about their issue like their browser, operating system, the time of error – all this will help you check logs on the system.

2. Make it happen again

If you can replicate the issue or numerous complaints come in, you’ve got a reason to worry. If you can’t make it happen again and no other customers report the same issue, continue to monitor the situation while your customer service team supports your aggrieved user.

3. Call your system admin

Provide them with the information you’ve collated so they can take a closer look. Ask them to update you regularly. If a breach has happened, they can give you more details and possibly an early estimation of the damage.

Who’s got their number? Do we have a systems admin? CAN THEY FIX THIS?

We’ve talked a little bit about systems admins and supported hosting before, in the context of server & platform advice. It’s worth checking what kind of support package you have and how this could impact on an emergency.

4. Turn off e-commerce

If your issue will take time to fix, disable all e-commerce functionality on your site put customer notices up on key pages. This early in the investigation, there isn’t a lot to tell your users, so a generic message about maintenance upgrades is fine.

5. Analyse & plan

If your system admin confirms a hack, ask them to list out what’s happened, how it occurred and if there’s been a data breach. They should tell you how they plan to fix it and how long they think it will take.

However, if there hasn’t been a breach, make sure the false alarm has been explored and your website isn’t compromised in another way.

6. Communicate & mitigate

If you’ve had a data breach, email people who’ve been affected to let them know what’s happened. Ask them to reset their password or force a password reset.

Personal data breaches must be reported and, wherever you trade in the world, you’ll have a time-sensitive window to inform the regulator for that territory – be aware the clock is ticking.

But if there definitely hasn’t been a breach and your site has no other issue needing attention, you can remove your maintenance notices and turn e-commerce back on.

7. Double-check

Once your systems admin has fixed the issue or hack, the next step is to run a few test orders to verify that all’s well. If it is, remove maintenance messaging and enable e-commerce functionality.

Don’t rely on our list

Have we made this look easy? Well, good. But don’t stop here. Around 95% of setups/hosting environments are different, so one simple checklist doesn’t fit all. Again, see the link below and refer to our article on keeping your e-commerce systems robust.

For example, your setup could mean a scenario where your site has been hacked but sensitive data is perfectly safe; or your payment gateway partnership might have a process whereby they offer help or jump right in if they detect malicious activity. There are many variables for you to consider.

Bookmark this article – you might need to refer back to it as you pull your plan together. Once you start plotting out who, what, when and how, you’ll really start to feel the benefit – and the scale – of what happens in a website security crisis.

As well as resolving the breach – often simultaneously – you’ll need to execute a crisis communications plan. For our insight into this, see the link below and head over to part 2 of this data breach double bill.


Photo by Nathalie Spehner on Unsplash (cropped). This article first appeared on Medium.

You might also like

Back to headlines