It’s kind of melodramatic to say that identity theft isn’t a matter of if, but when, but watching news reports and talking to friends and family members who’ve fallen victim to a personal data breach can make it feel like that’s the case. Having a plan of action in place for a cybercrime or hacking event can help you feel like you know what to do should the seemingly-inevitable idea actually happen.

For individuals and their personal data, your plan should involve knowing what to do to both prevent identity theft and recover from it quickly should it happen. Steps to prevent a data breach should include securing your accounts with strong passwords, changing those passwords frequently, safeguarding your information, and shredding sensitive documents before discarding them. You’re more likely to discover you were hacked in a timely fashion if you’re staying on top of the documents and reports that come to your house. Routine checkups on your credit report with the three reporting agencies from time to time can also help.

But what do business owners need to plan for? What are the steps you must take if your business is hacked, and you have vendors, suppliers, and customers all wondering if their sensitive information—which a hacker took control of through your company’s network and computers—is safe?

The first step is to take a multi-layered approach to your network security. Have you installed antivirus and antimalware software? Great! That’s only one layer, though. Do you have email scanning software to check incoming and outgoing emails for potential threats? Do you have web blocker capabilities that alert you if any of your computers is accessing a website that may be designed to steal data?

Next, you need working relationships in place with outside agencies who will help you in the event of a data breach. The time to learn the name of the agent or officer who can help you is not while the rest of your staff is fielding phone calls from your customers, all of whom are screaming that their accounts were hacked. Check in with different reporting agencies from time to time to make sure that your plan is up-to-date and that you’re aware of any new regulations or guidelines.

While you’re checking on your working relationships with these agencies, go ahead and put in a call or contact letter to your company’s attorney and get a checkup on your liabilities and the legal ramifications of a data breach. Again, this is not a step to take after the fact.

Finally, one of the most important things you can do is publicly acknowledge a breach as soon as you’re aware of it. Cybercrimes are a known and understood occurrence, and the public understands that hackers are very good at what they do. But the longer you sit on information, the longer time frame identity thieves have to wreak havoc with your customers’ personal information. By immediately getting the word out, you’ll enable your customers and vendors to lock down their own personal data to prevent further damage. Keeping quiet about it will make you and your company look as though you had something to hide, which can have a lasting negative impact on your company.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit