How to handle a data breach

In the age of GDPR, a data breach may seem like your worst nightmare and one you’d rather not think about. But if you do find yourself in a position where a data breach has occurred, it’s important to have a clear plan of action for dealing with it. In this blog post, we’re taking a look at what the most important steps are for dealing with a data breach and limiting any potential damage to the business.

What constitutes a data breach?

A data breach is what we typically refer to as a security incident where confidential or sensitive data is exposed or released to a person or organisation who is not authorised to see it. Of course, a data breach is not always malicious. It can simply be a result of an accidental release of information. However, the legal implications can be just as severe regardless of whether the breach is caused by malware, a targeted attack, a lost laptop or a stray email.

The steps to take after a breach

So what do you do once the unimaginable happens? In an ideal world, your business should have a detailed incident response plan that you can immediately launch and follow. But whether or not you have access to a plan, we want to share some of the key elements that should be part of an overall checklist for taking action to deal with the aftermath of a data breach.

  • Contain the breach
    Once you’ve discovered the breach, you should work to immediately identify the compromised system and fix any data leaks. It’s important to ensure that your critical systems are out of danger. Now is also the time to change passwords across the organisation and enable multi-factor authentication wherever possible.
  • Do a damage assessment
    Before moving on, you should assess the extent of the damage. You may want to set up a team of internal or external resources to evaluate the situation, putting an action plan in place to resolve the issue.
  • Communicate
    Communication is key after a breach. Once you have a clear view of the incident, you should notify anyone affected by it – potential victims, employees, and other stakeholders. If it’s a major incident, you should also communicate proactively to relevant media. Don’t wait – and don’t allow rumours to take over. Be prepared with statements and answers to questions. State future action and prevention going forward.
  • Do a security audit
    To understand the root cause and issues of the data breach, you may want to consider bringing in a third-party specialist – different to any existing IT security partners – to allow you to get an unbiased reflection of the incident without covering anything up. This would be someone who can uncover exactly what data has been compromised, identify the vulnerabilities that caused the breach, and help you find remedies to prevent the issue from happening again.
  • Make a recovery plan
    Unfortunately, many organisations don’t actively work to improve their data protection strategies until after an incident has occurred. But by having a solid procedure for managing a data breach from day one, the business can save a great deal of money and time in sanitising the incident.
    Ensure that you have a recovery plan that allows the business to rapidly go back to normal operation while learning valuable lessons from what’s happened. According to security software company Avecto, a company should consider a multi-layered strategy that includes things like patching, application whitelisting and privilege management, limiting the pathways for malware to obtain sensitive data.
  • Notify the ICO
    The Information Commissioner’s Office require you to report certain data breaches to them when they involve ‘the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’. Not all breaches qualify for letting the ICO know, but many do. Once a data breach has taken place, it’s important to quickly establish whether the ICO needs to be notified. If unsure, use the ICO’s self-assessment tool.

Moving on as a business

A data breach – when handled well – does not need to mean complete disaster for an organisation. It’s important to start focusing on the future as soon as possible and use any lessons from the incident to build a stronger, safer data security policy going forward. And remember: You don’t have to do it alone! Find a solid, dependable IT security partner who can give you all the confidence you need.