Nov 1, 2021
Daniel Tannenbaum

What to do if your company has had a data breach

Data
Security
Daniel Tannenbaum discusses how to identify and overcome a data breach

A data breach refers to key information being taken unwillingly from your business. From being lost, stolen or hacked, this information can be very dangerous or costly when put in the wrong hands. From private customer data or key business dealings, data breaches are on the rise and businesses of all sizes need to know how to react. 

How do data breaches occur? 

With a data breach estimated to cost an organisation between $3-4 million, they can happen due to a phishing attack or hack into your company’s systems. From phishing emails to cyber attacks, there are people who are trying to get their hands on your company’s information. 

Some firms have been held ransom by their data, known as ransomware, including against Orange Mobile, Manchester United and Travelex in the last year. 

Data breaches can also occur internally, from a ‘dirty’ part leaking information or taking customer data for their own personal gain. This may not be sophisticated at all - but rather a person sneaking information that they see on their screen or passing on information through harddrives or USB sticks.  

Identify the source 

Start by identifying the source of the breach - what information was leaked? Where did it come from? Was there a hole in your system? Was it someone internal? 

Your first task will be to close this gap and stop the breach from causing any further havoc. At this point, you may want to bulk up your security with extra firewalls, anti-virus software or using a cybersecurity consultant for advice. 

Understanding the nature and extent of your data breach will help you rectify it and also report it accurately to the authorities. 

Address the breach and damage control  

You should ideally have an IT team on hand to help you address the breach - or you may need to bring in external help. 

If the breach is ongoing, you can consider getting your staff to use other computers or working from another location to avoid further damage. 

One common form of damage control is to save a disk image or copy of the affected servers - so you can keep existing data and avoid this being compromised further. 

If an employee’s account was attacked, consider removing this account and asking all team members to change their passwords and sign in again. 

Inform the authorities 

You should make your authorities aware of any data breaches, both internal and external. If information was stolen internally by a member of staff, this could be an arrestable offence.  

Otherwise, it is worth compiling all the information you have about the hack, the type it is and where it might come from so that the police can start investigating - and they may find that there is a pattern forming and if other companies have experienced the same thing, it could help find the culprits. 

Test your security 

It is important to test your security again and ensure that the hackers cannot attack you in the same way and steal any important data. 

This process is often known as penetration testing, where specialist companies will test the vulnerabilities of your website or IT infrastructure. This is not always an expensive task, with fees starting around £1,000 for a one-off text. The company can also recommend ways to overcome future breaches by tightening up your security. Be sure to find a company that is CREST-accredited.  

Consider PR 

If you have suffered a large data breach, you may need to look at using a PR company that deals with cyber attacks

A suspected data breach can make you lose trust with your customers and shareholders and if it is a sizable attack, you may need to put out a public statement to put people’s minds at ease. 

If you are going to email your customers and encourage them to change their passwords, you need to have clear messaging and avoid any panic and this is something that a PR company can help you to communicate.

Share article