How to Handle a Company Data Breach
6 steps companies take to handle data breaches
Despite your best intentions and efforts as a business owner, you can never be
100% certain that a data breach will not happen in your company. Mistakes are made, cybersecurity measures are circumvented, attackers
become more ingenious – the result is the same.
Your company has just suffered its first major data breach and you are wondering
how to handle it in the best way possible.
Sooner or later your company data security can be
But what's important is how companies handle such data breaches,
to avoid further damage to their business reputation.
Formulate a Strategy
Before you start making any actual moves to mitigate and solve the data breach,
you need to take stock of your company and review the data breach guidelines that you formulated for
just this kind of situation.
If you run a large company, you might actually have experts who will be able to
deal with this problem in-house. Perhaps you have data forensic, IT and legal teams that will be able to handle
this on their own.
However, if you run a smaller company, the chances are you will need to
contact someone on the outside and hire
them to handle the technicalities of the breach for you. If you
are outsourcing your IT, this is the perfect time for them to come through for you.
For the vast majority of people, the initial instinct when a data breach occurs is
to take everything offline as soon as possible, unplug and wait for help to arrive. While you will want to take
everything offline, it is a bad idea to shut down the machines, as this may prevent the data forensic people from
investigating the breach in full. Leave everything as is until the investigators arrive and assess the
It is now time to turn off the affected machines and replace them with those that
have not been affected. Furthermore, you will want to do a sweep of all your entry and exit points and a complete
overhaul of all the credentials and system access privileges. Passwords need to be changed immediately, as well as
anything else that might give the attackers continued access to your data.
You should also try and make sure that the data breach is contained by searching
the web for data that might have been compromised. If the data has been published somewhere, you will need to take
every action at your disposal to get the information taken down as soon as possible.
This initial action should also involve talking to people who noticed the breach
so as to find out the extent of the breach and whether there are any tails that could grow into additional problems
down the road.
One of the essential steps in dealing with company
data breach is to
analyze it and remedy the problem, to prevent it from
Analyze and Remedy
Once you have managed to put the data breach under control and ensure that no
further leaks will occur, it is time to analyze what has happened, how your security system behaved and how you can
prevent future similar breaches.
This is where the data forensic people will take charge, identifying the vectors that were used to access your data and the vulnerabilities that led to the
breach. They will also investigate the behavior of your security system and how well it contained the breach
(for example, whether your network segmentation limited the extent of the breach).
During this stage in data breach cleanup, you will also be looking at who has
access to what parts of your system and whether it is necessary to limit the access granted to various third parties. Do not be
surprised if the breach is actually traced back to one of your third-party vendors.
This process might take a while, but you need to make sure it is complete before
you get everything back online and running.
Communicate with Stakeholders
Another thing you will want to do as part of your data breach management process
is to communicate with any and all stakeholders. For example, if your local laws require you to report the breach,
do so. Do so even if they do not. Law enforcement agencies need data to improve their future work, so make sure to
provide them with all the data that you can.
You should also remain in touch with your legal representatives and try to
establish whether the breach might cause your company to get in any kind of legal
trouble. You will also want to keep the lines of communication open to
your employees, customers, shareholders and partners. Not everyone needs to know everything, but they should be
aware of the incident to some extent.
Keep Track of Everything
All of this will require quite a bit of organization and management. To ensure
that no steps are skipped and everyone is on the same page, you might want to use a project management system of some
kind, one that is, of course, independent of your compromised system.
Make sure that teams are collaborating and that the information flows freely.
There is nothing worse than trying to fix something and ending up making everything worse because people were working
against one another without even noticing it.