What to do when you suffer a data breach

If you’re among the seemingly small number of organisations that hasn’t yet suffered a data breach, you should be preparing for the inevitable. You can’t count on your cyber security defences to continue repelling attacks, because even the most secure systems contain vulnerabilities. Criminals are constantly looking for new opportunities, and it’s only a matter of time before they exploit even the smallest crack in your organisation.

‘But I don’t have anything worth stealing,’ you might say. Or, ‘My organisation is too small for crooks to pay attention to.’ If only it were that simple.

Rarely do cyber criminals target specific organisations. In most cases, they look for vulnerabilities wherever they’re available – and if your organisation stores personal data, financial records or other sensitive data, crooks will take them.

It’s not all doom and gloom, though. If you act swiftly following a breach, you can contain the incident promptly and give affected data subjects time to secure their accounts. If your response is effective, you could turn a potential disaster into a positive story. By and large, the public and regulators accept that breaches happen, and a strong response will prove that your organisation takes cyber security seriously and that you aren’t to blame.

How to respond

There are six steps to follow after your organisation has been breached:

  1. Situational analysis: Provide the ICO (if required) with as much context as possible. This should include the initial damage (what happened), how it affected your organisation (what went wrong) and what caused it (how it happened).
  2. Assess the data that is affected: Try to determine the categories of personal data and the number of records concerned.
  3. Describe the impact: What are the consequences for affected parties? The answer will depend on the information that was compromised.
  4. Report on staff training and awareness: If the breach involved human error, work out whether the employee(s) in question received data protection training in the past two years. You should also provide the ICO with details of your staff awareness training programme.
  5. Preventive measures and actions: What measures did you have in place before the breach to prevent incidents like this from occurring? What steps have you taken, or do you plan to take, to mitigate the damage?
  6. Oversight: You will need to provide the details of the breach the ICO, including the name of your DPO (data protection officer) or the person responsible for data protection in your organisation.

Get #BreachReady

It’s one thing to know what you should be doing to contain a breach; it’s another to understand how to implement those measures. Finding advice can be frustrating, because in many cases the solutions vary depending on the organisation: how is it run? What are its processes? What resources does it have at its disposal?

IT Governance understands these problems, and we have created flexible solutions to help organisations get #BreachReady. We’ve included advice on how to manage cyber security, and a special offer to make sure you get the right tools and services to meet your budget and needs.

Get #BreachReady and know what to do when you suffer a data breach >>