How to Manage a Data Breach

Introduction

The aftermath of a data breach is something that often follows businesses around for decades, despite their best efforts to mitigate the effects. In the wake of a series of data breaches (SHEIN, Twitter and Medibank, for example), it is crucial that businesses understand the steps required in managing a data breach.

Many businesses, unfortunately, don’t know what to do after a data breach and go into panic mode, making matters even worse.

Data breach examples

Many data breaches have made waves in the public spotlight of late, including the examples above. However, these three data breach examples stand out from the rest due to the enormity and severity of the incidents:

Marriott

The well-known hotel chain lost 383 million customer records to a hack. The breach included payment card details and passport numbers, both encrypted and unencrypted.

Yahoo

Yahoo has, unfortunately, been the victim of two of the largest known data breaches in history. First, in 2013, the account details of 3 billion users were stolen, and only a year later, data from 500 million user accounts was stolen again, which included hashed passwords, names and email addresses, as well as security questions and answers.

Equifax

The information solutions and HR business process outsourcing provider suffered a server exploit which led to the loss of credit reports of more than 140 million customers. The breach cost Equifax $575 million, courtesy of the fine which needed to be settled with the FTC.

 

What to do if you have a data breach

The breach management process doesn’t have to be an overly complicated one. Here are some steps you can take after a data breach:

Don’t sit on it

As soon as a breach occurs, don’t sit around and wait to see what happens next. Spring into action immediately and do whatever you can to minimise further risk. This means logging out all sessions, both on-premises and remote; replacing passwords with more complex ones, and not giving out those passwords until you have discovered the root cause of the breach and a solution; and setting up multi-factor authentication (MFA) for all your workstations and devices.

Remove the risk, then find out what happened

Attempting to find out what caused the breach before fully understanding and removing the risk is pointless and futile. You should always start with securing yourself (the steps discussed in the previous point), removing the risk, and then finding out what happened – e.g. how they broke in, what they accessed, what they managed to exfiltrate, the extent of the damage, etc.

Notify the relevant parties

Now that you’ve minimised the risk and investigated the root cause, along with some basic measures to secure yourself, notify the relevant parties: your customers, employees, stakeholders, investors, etc. Hold a meeting and calmly explain what happened and what you’re planning to do about it. For those who can’t attend the meeting, such as your customers and stakeholders or investors, send them an email and text notification.

Take preventative measures

This could come in many forms, including tailored cyber security software, speaking to a cyber security expert, conducting an in-depth security audit, etc.

Seek legal advice to determine next steps

Depending on the scale and severity of the breach, you may need to speak to a legal advisor to better understand how to proceed. You might need to inform the ICO as well.

 

Preventing a data breach

Preventing a data breach doesn’t have to be a cumbersome, uncertain, or overly complex process. With the right breach management process in place, you can ensure that your data remains safe and secure in future.
