Data breaches come with many consequences for your business, the most severe of which is loss of customer trust and damage to your reputation. Building your reputation takes years, but it can be destroyed in an instant by a data breach. However, there is a right way and a wrong way to handle a data breach…

With data protection heavily regulated, even more so since the introduction of GDPR Laws in May 2018, there’s greater pressure on your business to comply with legislation and protect the personal information of customers. So, what should your business do in the event of a data breach?

Here are 6 steps you should take to handle a data breach the right way and recover:

#1 – Get confirmation of the breach

Before you push the panic button, get confirmation that a breach has occurred. It’s not uncommon for a hacker to send an anonymous email to an unsuspecting staff member claiming that your firewalls have been breached. This is often a ploy to trap companies into giving up data unwittingly.

Check with your in-house IT team or external service provider to determine if a breach has occurred. Diverting resources to deal with a non-existent breach can cause disruption to the day-to-day running of your business. It’s best to be sure so that you know what you are dealing with.

#2 – Contain the breach

If a genuine breach has occurred, contain it. Time is of the essence when trying to stop a breach, and how you contain it depends on the type of attack the business is facing, plus the systems affected. To stop a breach:

  • Isolate any system(s) you know the hacker has accessed to prevent the breach from compromising your entire network
  • Disconnect any breached accounts
  • If a specific department in your business was targeted, shut it down

Once the breach has been isolated and contained, you can then take steps to eliminate the threat and prevent further damage. For example, depending on the type of attack your business has experienced, reformat affected systems and restore them or blacklist the IP address from which the attack originated.

#3 – Check the damage

Once the threat has been extinguished, you will need to assess the damage done by the breach. Understanding how the attack happened enables you to put preventative measures in place to stop a repeat incident.

You will need to ensure that all affected systems are checked for malware, which can remain dormant and spark future attacks.

When assessing the damage, gather information on:

  • The type of attack
  • How the attack was administered (i.e. through user accounts)
  • The data that was targeted
  • Whether the data was encrypted and can be safely restored (i.e. check if the data was backed up)

#4 – Inform people affected

Assessing the data breach will reveal who has been affected. This is where you have to take ownership of the breach. According to nCipher Security, a staggering 61% of businesses worldwide said they would cover up a data breach if it meant they avoided a fine.

This is not advised. You are likely to be found out and would face severe sanctions.

The repercussions are likely to be less severe if you make every effort to ensure any customers, stakeholders, the authorities and anyone else that needs to know, are aware of the breach.

You are required to report a data breach to the Information Commissioner’s Office (ICO) within 72 hours.

You can notify those affected by a breach by email, phone or any other method of communication you would normally use.

Reporting a data breach goes a long way toward maintaining your integrity and rebuilding your reputation long-term.

#5 – Conduct a security audit

Once the necessary initial actions have been taken, you should conduct a security audit to review your company’s current security measures and how they can be improved to prevent future breaches.

In fact, security audits should be a regular part of your operation. This will help you to find gaps in your security systems and improve system infrastructure. You should have a strategy in place to check network and server systems, IP blocks, open ports, rDNS networks and security certificates to ensure that your business is protected against malicious attacks.

#6 – Improve preventative measures

A regular, thorough security audit will expose flaws in your systems, which will help you improve preventative measures to stop attacks. Data breaches are a regular threat to your business and it’s likely that you will be targeted more than once if an attacker is successful the first time round.

It’s important that you’re ready. Having a strategy is the first step towards your recovery.

Create a data breach response plan

Prevention is better than cure, and creating a response plan is the final piece of the jigsaw in effectively handling a data breach. Having a company-wide strategy ensures that your staff can better identify the signs of a data breach and raise the alarm quickly.

Most companies don’t become aware of a breach until it’s too late. Having a data breach response plan in place can help you minimise the damage done, reduce fines, decrease the negative press and enable your business to recover more quickly.

Protecting your reputation

How you respond to a data breach has a huge bearing on your company’s ability to recover. Customers, stakeholders and more share their sensitive information with you, with an expectation that you have the proper security measures in place.

A PwC study carried out in 2017 revealed that 92% of customers expect companies to be proactive about data protection. As your reputation is most likely your best asset, you must be prepared to handle data breach incidents in the right way.

For help with preventing data breaches and complying with GDPR rules, get in touch with DPA/OK today.