Spread the love

The email looks wrong. Files wont open. A customer calls asking about an invoice your office never sent. However it starts, the first 24 hours of data breach response decide how bad things get for a Fort Myers business. Handled well, you are looking at a rough week. Handled badly, you are explaining yourself to lawyers, your insurance carrier, and every customer you have.

Most small businesses around Southwest Florida do not have a written plan for this. That is normal, and fixable. Borrow this one. Here is what to do, in order, starting the minute something feels off.

Hour One: Contain It, Don’t Destroy Evidence

Your instinct will be to shut everything down and start deleting. Resist it.

Pull the network cable on any machine acting strange, or kick it off the Wi-Fi. But leave it powered on. A computer’s memory holds evidence that forensic investigators can use, and powering off wipes a chunk of it. Disconnecting cuts the attacker’s access without burning the crime scene.

Then grab a device you trust, a phone on cellular data works, and change your important passwords. Email first, then banking, then anything tied to money or customer records. Do not change them from a machine that might be infected. If a keylogger is sitting on it, you just handed over the new passwords too.

Last thing for hour one: write down what you saw and when you saw it. Timestamps matter more than you’d think, both for your insurance claim and for the notification clock Florida starts running. More on that below.

IT technician unplugging an ethernet cable from a network switch during data breach response at a Fort Myers office

Who to Call, In Order

First call is your IT provider. If HenkTek manages your network, call (239) 234-2334 and then stop touching things. We’d rather get the panicked 7am call than inherit a machine somebody already cleaned up.

Second call is your cyber insurance carrier, and this order matters. Most policies require you to use their approved forensics and legal vendors. Hire your own first and you can accidentally void parts of your coverage. The carrier’s hotline will walk you through what they need from you.

Third, your bank and payment processor if theres any chance financial info was touched. They can freeze accounts, watch for fraud, and flag suspicious transfers before the money is gone for good.

If ransomware is part of the picture, do not make any payment decisions on day one. We covered that in our ransomware protection tips, but the short version is to wait until a lawyer and your insurance carrier weigh in.

Data Breach Response Deadlines Florida Sets for You

Florida has one of the tighter breach laws in the country. The Florida Information Protection Act gives you 30 days from discovery to notify affected residents. Not 30 business days. Thirty days, including the two weeks you might waste hoping the problem goes away on its own.

If more than 500 Floridians are affected you also have to notify the state’s Department of Legal Affairs, and past 1,000 you are notifying the credit reporting agencies too. The full text is in Florida Statute 501.171 if you want the exact language.

The FTC also publishes a useful data breach response guide for business covering the federal side, which kicks in if you handle health records or serve customers in other states.

This is the part where a lawyer earns their fee. Notification letters have required contents, and getting them wrong can mean doing the whole thing twice.

The Mistakes That Make It Worse

The biggest one we see: wiping machines and reinstalling Windows on day one. It feels productive. It also destroys the evidence your insurance carrier needs to pay your claim, along with any record of what the attacker took.

Second, coordinating your response over the same email system that just got compromised. If the attacker is in your email, they are reading your recovery plans in real time. We have watched local offices make this exact mistake. Use phone calls and texts until IT clears the mail system.

Third, waiting. Hoping it was nothing. Every day you sit on it, the 30 day clock keeps running and the attacker keeps working. Suspicion is enough reason to make the first phone call. You do not need proof.

Get a Plan Before You Need One

Everything above works better when it is decided in advance, on a calm Tuesday, instead of at 6am with your heart pounding. HenkTek builds data breach response plans for small businesses in Fort Myers, Cape Coral, Bonita Springs, and Naples, and we monitor client networks so the weird login gets caught before it turns into a breach announcement.

Want a response plan with your company’s names and numbers already filled in? Reach out for a free consultation or call us at (239) 234-2334. Print the plan. Tape it inside a cabinet. The businesses that get through breaches cheaply are the ones that never had to improvise.