Five Best Practices to Deal with a Data Breach

September 3, 2018 4:18 pm Geraldine Strawbridge

For many organisations, a data breach is their worst nightmare.

The recent spate of high profile cyber-attacks has highlighted the fact that it’s not a matter of ‘if’ but ‘when’ an organisation will be attacked.

Just last week, T-Mobile announced a major data breach affecting the personal data of two million customers and within the last few months, Dixons Carphone, Fortnum and Mason, Costa Coffee and Ticketmaster have all reported large-scale data breaches that have resulted in the theft of valuable customer data.

It’s easy to assume that it’s just the big brand names that are being targeted, but research conducted by Business Trends found that 43 percent of all cyber-attacks are aimed at small businesses and half of these companies will go out of business within six months as a result.

Cyber-attacks can have serious repercussions for a business and the fallout from a major data breach can include a drop-in share price, loss of customers, financial penalties and damage to brand reputation.

The stakes are just too high for organisations to sit back and hope they won’t be targeted. It’s vital that organisations have a thorough plan in place that includes specific procedures and actions to follow should they become victim to a data breach. 

What to do in the event of a data breach

If your organisation is in the unfortunate position of being breached, you will need to act quickly to prevent any further damage to your business. The first 24 hours will be crucial in managing the incident effectively. There are five best practices that should be followed in the event of a data breach:

1. Identify Breach

Once organisations are aware that a privacy breach is in process, the immediate concern is to stop the breach from continuing. Businesses must identify how the breach occurred, whether it was from a phishing attack, malware or through data leakage from a laptop or mobile device.

All entry and exit points within a system should be closely monitored and as soon as the breach has been identified, a containment strategy should be put in place to ensure that hackers are unable to gain further access to valuable company data.

2. Assemble Incident Response Team

In the event of a data breach, specific individuals within the organisation should have defined roles and responsibilities to effectively make decisions and manage the situation accordingly. The contact details of all key personnel should be circulated throughout the organisation, so all staff know who to contact in the event of an incident. If the breach is extensive, external experts may need to be appointed to assess the damage.

3. Communicate with all Relevant Parties

The GDPR requires that organisations disclose any personal data breaches to the relevant supervisory authority within 72 hours of detection.

If the breach results in a high risk of affecting an individual’s rights and freedoms, then the individual must be notified with immediate effect. The longer a breach has taken place without mitigating measures, the greater the risk to the data subject in terms of privacy impact.

A communications strategy should be put in place which includes the issue of a prompt and apologetic press statement that accepts responsibility for the compromised data. A dedicated web page should be created which provides detailed information for affected individuals, and customers should be informed about what measures are being taken to prevent any further breaches.

4. Secure all Systems

Organisations will need to assess what led to the breach to prevent the same type of incident from happening again. Data breaches expose vulnerabilities in systems, so it’s imperative to look at what areas need strengthened to prevent any further attacks.

Depending on the size of your organisation and the resources available in house, it may be beneficial to appoint an outsourced Security Operations Center (SOC) to prevent, detect and respond to any future cyber security threats.

5. Evaluation

Following a data breach, organisations will need to conduct a thorough evaluation of their response to the event, identify lessons learned and improve security practices going forward. This could include the encryption of all data and devices, limiting access to classified information and providing employees with effective security awareness training.

72% of data breaches are related to employees receiving fraudulent messages so it’s vital that staff are trained to identify and respond appropriately to the growing range of cyber security threats.

MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help protect your business.