An Essential Guide To Managing a Data Breach In Your Organisation


A data breach is a cyber incident in which sensitive or confidential data is copied or stolen by an unauthorised individual. Data breaches can affect governments, organisations of any size, and even individuals. The average total cost of a data breach is £2.91 million (Security Scorecard, 2018); this is detrimental to an organisation and can severely damage the reputation of a business if sensitive information or client data is exposed.

The most apparent impact to a business is financial loss; however, the actual impact typically depends on the nature of the breach, the individuals involved and the nature of the data exposed. It is important that your organisation takes the correct steps to mitigate the various impacts of a breach.

There is no reliable way to predict when an attack will occur, but there are ways to manage and reduce its impact when one does. Many people are unsure where to start, so we have put together four essential steps to managing a data breach within your organisation.

1. Planning and Preparing for a Cyber Security Incident

Your organisation should already have an incident response plan in place that can be used in the event of any cyber-attack, such as a data breach. An incident response plan is your guide to the procedures you will follow in the event of a cyber security incident within your business, so that you are prepared. It lays out what your organisation and employees should do in the unfortunate event of a data breach.

"58% of organisations have an incident response plan. However, only 50% of organisations feel prepared in the event of a cyber incident"

It is vital that your employees know what to do and are familiar with the plan, for example by performing training exercises, so that a data breach does not cause panic and confusion. It is also important to reduce the risk in the first place. This could mean reviewing your existing infrastructure to confirm that there is logical separation which would prevent the propagation of an attack, and that only the minimal number of internet-facing devices required for the business is in place.

2. Discovering and Containing a Data Breach

The initial phase is when the data breach is first discovered: the faster the breach can be detected, the smaller its impact. Your organisation should use breach detection systems to ensure you are checking for any unusual behaviour on your network.

It is important to determine some facts about the nature of the incident including:

  • The root cause of the data breach (internal or external)
  • The level of risk to your organisation
  • The nature of the data which has been breached
  • The number of impacted individuals

During the discovery of the data breach, you must not wipe or delete the impacted systems, so that the evidence is preserved for any forensic investigation of the breach. It is also important to contain the incident, such as by disconnecting from the internet or isolating certain networks, to mitigate the impact on the rest of your business.
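The detection and evidence-preservation points above, as an added example that is not part of the original article or of CS Risk Management's material: it scans constructed firewall-style log lines for unusual outbound data volumes and off-hours transfers, and records a SHA-256 manifest of the raw log artefact so that the original evidence can be verified later by a forensic investigator. The log line format, the 100 MiB threshold, the business-hours window and the host addresses are all assumptions made for the example, not values from any real product or incident.

```python
"""Flag unusual outbound behaviour in constructed log lines and record an
evidence manifest before any containment step alters the affected systems.
Log format, threshold and business hours are assumptions for this example."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOGS = """\
2024-03-01T02:10:11Z src=10.0.1.15 dst=203.0.113.9 bytes_out=524288000 proto=tcp dport=443
2024-03-01T02:11:05Z src=10.0.1.15 dst=203.0.113.9 bytes_out=734003200 proto=tcp dport=443
2024-03-01T09:15:42Z src=10.0.1.22 dst=198.51.100.4 bytes_out=1048576 proto=tcp dport=443
2024-03-01T09:16:00Z src=10.0.1.23 dst=198.51.100.4 bytes_out=2097152 proto=tcp dport=443
2024-03-01T10:01:30Z src=10.0.1.22 dst=198.51.100.7 bytes_out=524288 proto=tcp dport=80
"""

# Assumed line layout: ISO timestamp, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)"
)


def parse_logs(text):
    """Parse each log line into a dict; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = int(rec["bytes"])
            records.append(rec)
    return records


def outbound_totals(records):
    """Total bytes sent per source host over the whole log window."""
    totals = defaultdict(int)
    for rec in records:
        totals[rec["src"]] += rec["bytes"]
    return dict(totals)


def flag_unusual_hosts(records, threshold_bytes=100 * 1024 * 1024):
    """Hosts whose outbound volume exceeds the assumed 100 MiB baseline,
    sorted by volume descending. A flagged host is a lead to investigate,
    not proof of a breach on its own."""
    totals = outbound_totals(records)
    return sorted(
        ((host, total) for host, total in totals.items() if total > threshold_bytes),
        key=lambda item: item[1],
        reverse=True,
    )


def off_hours_transfers(records, start_hour=8, end_hour=18):
    """Transfers outside the assumed business hours (UTC, start inclusive)."""
    out = []
    for rec in records:
        hour = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
        if hour < start_hour or hour >= end_hour:
            out.append(rec)
    return out


def evidence_manifest(artefacts):
    """artefacts: dict of name -> raw bytes. Returns one entry per artefact
    with its size, SHA-256 digest and collection time, so the material handed
    to forensic investigators can be checked for tampering later."""
    collected_at = datetime.now(timezone.utc).isoformat()
    manifest = []
    for name, data in sorted(artefacts.items()):
        manifest.append({
            "name": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "collected_at": collected_at,
        })
    return manifest


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for host, total in flag_unusual_hosts(recs):
        print(f"unusual outbound volume: {host} sent {total / 1024 / 1024:.0f} MiB")
    for rec in off_hours_transfers(recs):
        print(f"off-hours transfer: {rec['ts']} {rec['src']} -> {rec['dst']}")
    # Hash the raw log before isolating anything, so the copy kept for the
    # investigation can be matched against this digest.
    for entry in evidence_manifest({"firewall.log": SAMPLE_LOGS.encode()}):
        print(entry)
```

Run against the constructed sample, only 10.0.1.15 is flagged (1200 MiB sent, both transfers at 02:00 UTC), which is the kind of lead the discovery phase exists to surface; the manifest entry is what you would file alongside the preserved log copy so the forensic team can confirm it is unchanged.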

3. Communicating a Data Breach

After discovering a data breach, it is important to have a communication plan in place to notify any impacted individuals, such as your employees, customers, clients or third-party vendors. You should notify the ICO within 72 hours of the breach; they may help you establish a plan to contact third-party vendors and advise you on how to respond effectively to complaints.

If you are releasing public statements to the press, ensure you have a plan in place that decides which member of staff will communicate the breach and what information they will disclose.

An organisation with an incident response plan in place will be able to move through the process more efficiently and swiftly, because the next steps to take during the breach are already set out.


4. Evaluating Your Data Breach

After the data breach, your organisation will need to evaluate how you handled it and what lessons you have learned for the event of another cyber-attack. It is necessary to assess your organisation’s security practices to understand how the breach occurred and to avoid a recurrence. Your staff may require cyber security training if the breach was caused internally, or the incident response plan may need strengthening if resolution took longer than expected.

A data breach at your organisation can be disastrous, but taking the correct steps and measures will help you minimise the risk. Be prepared and stay vigilant for cyber-attacks!
