A data breach: how should your business respond?

Features Posted 13/09/22
Tribeca Technology's CEO and founder Mark Instance advises businesses on responding to a data breach

When it comes to being the victim of a cyber attack, it is unfortunately a matter of when, not if. All businesses are at risk, no matter their size or industry. For that reason, every organisation must have an actionable plan ready to go in the event of an attack. When your business is hit by a cyber attack that results in a data breach, here’s what you need to do to make it right and recover from it.

Have a robust IT security mechanism already in place

Putting this in place after a data breach is like trying to bolt the proverbial door once the horse has, indeed, bolted. GDPR requires all businesses to have technical and organisational data protection procedures in place. If you don’t have these, you cannot guarantee compliance and may be vulnerable to penalties.

It’s in your best interest to engage an IT managed services partner before you experience a security breach, or, at the very least, as your first line of response when you do.

Start your incident response plan

Your Cybersecurity Incident Response Plan is a critical aspect of your cybersecurity strategy. Whatever the size and scale of the breach, it should set out all the steps you need to mitigate the risks. A robust plan would constitute your due diligence in respect of GDPR compliance.

Contain the data breach

To contain the data breach, you must isolate any infected systems. Disconnecting them from the internet and from your IT network helps to stop the spread of any infection whilst preserving critical evidence. To recover from a breach, you must first understand how it occurred; without that information, you risk restoring systems only for the breach to happen again.

Investigate, audit and understand what has happened

A predetermined response team must come together as soon as the data breach is discovered. The initial meeting must establish the value of the data that has been breached and review who needs to be involved and informed.

Is it necessary to report the breach to a third party? The investigation should reveal whether external bodies such as stakeholders or regulators need to be involved. If the ICO should be informed, this should take place within 72 hours of becoming aware of the breach.

Be open with your customers

Make a statement where necessary and ensure a single point of contact and responsibility for communication. Involve your customers in your recovery and tell them what you’re going to do to make their data safer in the future.

Have a long memory

Once the dust has settled, it’s easy for complacency to set in again. Your customers will have a long memory, so be sure to offer consistent reassurance and to follow through on your promises. A repeat performance would be disastrous for customer relationships.

To find out more, visit www.tribeca-it.com.
