If you have become aware that a data breach has happened within your business, it can be a stressful time. It can, however, be dealt with.
With honesty, transparency, and knowing the relevant steps to take, the impact of a data breach on your operations can be minimised. We’ve documented a quick plan of action if you suspect that a data breach or other similar cyber crime has occurred. However, your first step should be to get a quote for cyber insurance from Cyber Insurer.
Document everything you do
While any data breach is undoubtedly a stressful time, making a comprehensive log of all the actions which you and your colleagues/staff take next is crucial in keeping a record that you acted in a correct and lawful manner. It can also be useful to refer to in the event of a further breach, or to ascertain what might have initially caused the incident.
Ensure any breach has actually stopped
Once the compromise has been determined, it’s critically important to plug the hole and ensure that no additional data is leaked and no further damage is caused. This will involve getting to the root cause - be it a rogue USB drive, a weak password, employee malpractice or other means. Once the source of the breach has been determined and stopped, the investigation and reparation can begin.
Determine the scale and scope of any assets which are known to have been compromised
To make sure your claim is processed as quickly as possible, and minimise further potential damage, it’s important to get a handle on what data has been compromised.
Make a list (if known) of any accounts which may have led to the breach, as well as any specific data (if known). In the case of customer data, try to ascertain the number of records affected, which fields might have been compromised, and any additional damage or data loss which might have occurred (or could still occur) as part of the breach.
Reset all relevant passwords and logins
However the breach has occurred, it’s important to ensure that no further damage can be done. Change the password and, if necessary, any email addresses attached to the system(s) that were compromised. Some applications allow you to “log out of all other sessions”, which can also be helpful if unauthorised access has occurred.
Now is a good time to create a stronger, more secure password. If additional security such as two-factor authentication can be used, enable it. A password manager can also be a useful means of storing high-strength passwords.
If a password has been used for multiple sites or applications, you could still be at risk. To mitigate this risk, change any passwords which you know to be used multiple times, and those for any high-risk websites or applications, such as banking, email, or social media.
Ensure your Data Protection Officer (and other relevant staff) are notified
Your Data Protection Officer should ensure that compliance is met in line with GDPR and any other applicable laws. Whether this means coordinating with the ICO to inform the regulator of the breach, or acting as a point of contact for customers or those that have had data or PII compromised, it’s important to follow the guidelines and do your lawful best.
Your tech team should carry out further investigation into the breach, and determine whether further security measures need to be implemented.
Contact the relevant institution(s)
It can be helpful to contact the organisations involved, particularly financial institutions, who can flag any further suspicious activity on the account(s) you mention.
The organisation might also be able to shed further light on the breach, potentially offering a level of detail such as IP addresses, and additional communication details, which you might not otherwise be able to access.
Monitor the situation closely following the breach
It makes sense to keep a close watch on any affected account(s) following any data breach.
Seek third-party support from an IT/OpSec consultant and advice from an external/impartial source. If internal processes need to be reviewed and amended following a breach, then they should be done immediately to prevent further attacks.
Prepare an apology and explore compensatory measures
If the breach has affected your customers, it’s important to let them know what has happened, and keep them updated as investigations continue. The situation is best handled with honesty and transparency. Having a detailed log of what has happened will help.
It can also be worth preparing some kind of offer for customers to try to retain trust, and consider any wider implications of negative public relations which may surround the breach.
Being a victim of cyber crime or a data breach is demanding for businesses of any size, but can be crippling for entrepreneurs or SMEs.