The Top 3 Mistakes Businesses Make After a Hack A cybersecurity expert explains what not to do after a data breach.

By Carly Okyle

Opinions expressed by Entrepreneur contributors are their own.


Rajesh De (pronounced Day) knows a thing or two about cybersecurity. Before becoming head of the cybersecurity and data privacy division at law firm Mayer Brown, he served as general counsel for the National Security Agency during the most notorious data breach in history: Edward Snowden's exposing of the agency's surveillance programs.

"Back then, nobody knew about the NSA," he told the audience at the Cyber Security Thought Leadership Forum in New York City on Monday. "[The joke was] the acronym stood for No Such Agency." Even De's wife was puzzled by his decision to work for "the agency that sends astronauts into space."

Having experienced a high-profile data breach firsthand, De imparted some wisdom to the crowd at the forum this week. He explained the top three mistakes that businesses make when responding to a cyber attack.

Related: Alphabet's Eric Schmidt: Gmail Is "Far More Secure' Than Government Systems

1. Not recognizing cybersecurity is the responsibility of more than just the tech department.

When thinking about the issue of cybersecurity, organizations must realize that it's more than a technical issue. "It's much bigger than that," De said. "It's a core business risk, and the consequences of thinking of it as such reaches everything."

Placing security as a core value means that it impacts prioritization, budget concerns, time management and preparation -- both to prevent a breach and to have a response plan at the ready.

2. Share the right amount of information at the right time.

De drew directly from his experience at the NSA when explaining that knee-jerk reactions to share too much and too little information with the public are dangerous. "Generally there's one faction that will want to be so transparent, to tell everybody in the world anything that is known at any given moment, whether it's definitive or not," he said. "Of course there's value in giving real-time education to customers, but there's no value in spitting out a lot of info that has to be walked back. That really confuses people more than it enlightens people."

Going too far in the opposite direction, however, is also ill-advised. "Clearly, that approach runs a huge range of risks, whether they're reputational or otherwise," he said.

Finding the right balance depends on a variety of factors -- the nature of the attack and how the facts develop, among other details -- but striking that middle ground is key.

Related: 8 Tips To Prepare Your Business for an Inevitable Cyber Attack

3. Not having all of the relevant players in the loop ASAP.

While deciding what to explain to the public at what time can be tough to figure out, giving the details to the necessary people on the inside early on is vital. "If you don't have a communications firm or a law firm built into your crisis response plan, and they have to catch up later, that really does a disservice to the organization," De said.

Yet ripples from the Snowden hack at the NSA still loom large. On Tuesday, the Senate passed a controversial bill called the Cybersecurity Information Sharing Act (CISA). The bill encourages companies to share information about hackers and data breaches with both the government and other businesses in the private sector. Although critics say it infringes on customers' privacy while also failing to adequately prevent cyber attacks, supporters say the legislation is a positive step to protect data from cyber attacks in the future.

The bill is expected to be sent to President Obama for his signature after it's been combined with two additional bills passed by the House of Representatives earlier this year that also concerned sharing information.

Related: All in the Family: How This Father-Son Team Built a $3.5 Billion Cybersecurity Business

Wavy Line
Carly Okyle

Assistant Editor, Contributed Content

Carly Okyle is an assistant editor for contributed content at

Editor's Pick

A Father Decided to Change When He Was in Prison on His Son's Birthday. Now His Nonprofit Helps Formerly Incarcerated Applicants Land 6-Figure Jobs.
A Teen Turned His Roblox Side Hustle Into a Multimillion-Dollar Company — Now He's Working With Karlie Kloss and Elton John
3 Mundane Tasks You Should Automate to Save Your Brain for the Big Stuff
The Next Time Someone Intimidates You, Here's What You Should Do
5 Ways to Manage Your Mental Health and Regulate Your Nervous System for Sustainable Success

Related Topics

Business News

After Being Told They Could Work From Home Forever, Employees Made Major Life Changes. Then, a New CEO Ordered Them Back to the Office.

Farmers Group CEO Raul Vargas is facing backlash for the change, but he says being in the office brings more "collaboration" and "innovation."

Business Ideas

The 13 Best Jobs for People With ADHD

Want to find the perfect profession as a person with ADHD? Check out this review of the best jobs for people with ADHD if you need ideas.

Business News

Hedge Fund Pays NYC Interns $20,000 a Month on Average, Sent to Lavish Palm Beach Kickoff

Citadel is known for its over-the-top parties and company retreats.

Money & Finance

What Is a Tariff? Here's an Overview of the Basics.

Keep reading this article to discover the world of tariffs, their impact on global trade and their role in international relations.


Working Remote? These Are the Biggest Dos and Don'ts of Video Conferencing

As more and more businesses go remote, these are ways to be more effective and efficient on conference calls.