A data breach is a cyber incident in which sensitive or confidential data is copied or stolen by an unauthorised individual. Data breaches can affect the government, organisations of any size, and even individuals.
There’s no real way of predicting when a data breach will occur, but there are ways to manage one and reduce its impact.
We’ve put together 4 essential steps to manage a data breach…
Your organisation should already have an incident response plan in place, which can be used in the event of a cyber-attack such as a data breach. An incident response plan is your guide to the procedures you will follow in the event of a cyber security incident within your business, so that you are prepared. It lays out what your organisation and employees should do if a data breach occurs.
It is vital that your employees are educated in what to do and are familiar with the plan, for example by performing training exercises, to avoid panic and confusion during a data breach. It is also important to reduce the risk in the first place. This could mean reviewing your existing infrastructure to check that there is logical separation which would prevent the propagation of an attack, and that only the minimum number of internet-facing devices required for the business is in place.
2. Discover and contain
The initial phase is when the data breach is first discovered. The faster the breach is detected, the smaller its impact. Your organisation should use breach detection systems to ensure you are checking for any unusual behaviour on your network.
It is important to determine some facts about the nature of the incident including:
- Finding the root cause of the data breach (internal or external)
- The level of risk to your organisation
- The nature of the data which has been breached
- Number of impacted individuals
During the discovery of the data breach, you must not delete the impacted systems, so that you keep the evidence for any forensic investigation of the breach. It is also important to contain the incident, for example by disconnecting from the internet or isolating certain networks, to mitigate the impact on the rest of your business.
3. Notification of breach
After discovering a data breach, it is important to have a communication plan in place to notify any impacted individuals such as your employees, customers, clients or third-party vendors. You should notify the ICO within 72 hours of the breach and they may help you establish a plan to contact third-party vendors and give you advice on how to respond effectively to complaints.
If you are releasing public statements to the press, ensure you have a plan in place to decide which member of staff is going to communicate the breach and what information they are going to disclose.
An organisation with an incident response plan in place will be able to move through the process more efficiently and swiftly, as it will be able to see the next steps it needs to take during the breach.
4. Evaluation and response
After the data breach, your organisation will need to evaluate how you handled the breach and what lessons you have learned in the event of another cyber-attack. It is necessary to assess your organisation’s security practices to understand how the breach occurred and avoid a recurrence. Your staff may require cyber-security training if the breach was caused internally, or you may need a strengthened incident response plan if resolution took longer than expected.
A data breach at your organisation can be disastrous, but taking the correct steps and measures will ensure you can minimise the risk. Be prepared and stay vigilant for cyber-attacks!