Cybercrime series – What should you do after a data breach?

By Steve Maton, Director at 5 Rings Group

Data breaches are regularly in the news these days. Facebook, Dixons Carphone and Ticketmaster are just some of the high-profile companies that have fallen victim to a data breach this year. We don’t tend to hear about breaches at smaller companies, but, according to government research, 43% of businesses and 19% of charities suffered a cyber security breach in the last 12 months. Data breaches are becoming increasingly common and can happen to any business, of any size, in any industry.

Would you know what to do if your business suffered a data breach?

With customers’ data at risk and GDPR requiring you to report a breach within 72 hours, you need to act fast following a breach. Who do you report it to? Who do you contact? What should you do to protect your business and customers from further damage? Should you pay the ransom demanded by hackers? There will be a multitude of questions swirling around your head, and time will be precious.

The key to successfully handling a data breach is in the planning. Fail to prepare and prepare to fail. The hard work you put into planning what you should do following a data breach will pay dividends should the worst happen.

Firstly, try to get your head around data breach laws. You don’t need to be an expert but having a basic understanding of your company’s requirements will help. Speak to trusted cybersecurity experts to ensure your interpretation is correct. They can also help with the next steps.

Make sure you have a data breach plan in place. The plan should outline step-by-step actions to take if you suffer a breach. This will include who is responsible for what, what they should be doing and who takes on the responsibility if the designated person is unavailable. Tasks should include: gathering evidence for the ICO to show how you handled the issue, notifying third parties and preparing a statement for customers. The plan should be circulated regularly to senior staff and rehearsed to make sure you are familiar with it.

Of course, there are technical tasks that should be performed following a data breach. You should identify where the breach came from, assess how many devices have been affected, quarantine infected devices, restore lost data from backups and tell customers if their data has been compromised.

If a ransom is being demanded by a hacker – don’t pay it. There is no guarantee you will get the data back.

When you have dealt with the breach and the dust settles it is vital you analyse how the attack happened and take steps to prevent it from happening again. Often the cause of a breach is human error such as an employee opening a phishing email, allowing your system to get infected. Educating staff can go a long way to preventing a data breach from happening again.

When it comes to cybersecurity, prevention is better than cure. You should be working with trusted cybersecurity experts to make sure your business is as secure as possible. However, it’s just not possible to make your business 100% secure, which is why you need to plan for the worst.

It may be that you never need to use your data breach plan, but in the increasingly likely event that you do, you will be extremely grateful you have one.

Please get in contact with us if you want us to review your cybersecurity. For more information, visit us online at 5 Rings Group.