How to Manage a Data Breach Incident

Facebook’s big data breach in 2018 sent millions of users into a flurry to reset their Facebook passwords, hoping and praying that their information hadn’t found its way into the wrong hands. Some 50 million Facebook accounts were compromised three days before the company’s announcement, granting hackers access to personal data and landing the social media giant in hot water. Despite damage control efforts, this large-scale hack called into question the overall safety of online accounts.

Big companies are big targets, so it’s no surprise that we only hear about high-profile data breaches. In reality, however, smaller businesses are more at risk of being affected by a breach, as they ultimately have much more to lose. When it comes to detecting an attack, researchers from IBM estimate that it takes small businesses about 200 days before a breach is found, and by then the attack is well under way. Recovering from a breach can cost a business a large amount of money and reputational damage, especially when taking into account the time and manpower required to rebuild a company’s operational systems.

All in all, predicting and preventing a data breach is tricky. And while some argue that breaches are inevitable in this day and age, businesses should still arm themselves with the proper tools and information on not only how to prevent a data breach, but also what to do when defenses fail and an attack occurs.

But first, it’s important to know what you might be dealing with. While not all cybersecurity attacks result in a breach, this article by Chief Executive outlines seven types of data breaches, ranging from hacking via malware and phishing to employee negligence and physical theft. Being aware of these attacks can help you prevent them, or at least know what to do on the off chance that your company falls victim.

What to do in the event of a data breach


1. Start with damage control

Has client information been taken? Are the financial statements of the business secure? The steps you take to recover from a data breach will depend on what type of information was taken. Find out which servers were compromised (especially if your business has different servers) and see what kinds of information were stored on those servers.

2. Seek the help of an expert team

Leaving the data breach to those who have no experience may do more harm than good. Enlist the help of forensic investigators who will survey the damage and suggest what steps to take to move forward. Call your company’s legal team to understand what laws may apply to your case; if the breach resulted in compromised electronic health information, for example, you will be covered by the HIPAA Breach Notification Rule. Your legal counsel will also be valuable in determining how and when to notify affected parties of the breach.

3. Secure what you can

Try to secure as much of your system as you can. Make sure all affected systems are offline (but don’t turn any machines off without consulting your forensic team) and update all passwords to important accounts. It’s also crucial to secure all physical spaces where your operating systems and important documents are stored. You can do this by ensuring that the passcodes and locks are changed.

4. Bring in law enforcement

Although it might be tempting to keep quiet and avoid telling people about the breach, it is still in your best interest to notify the authorities as soon as possible. While the government has yet to put a federal data privacy law in place, many state governments have enacted their own data breach laws. The National Conference of State Legislatures provides a comprehensive list of the current security breach laws according to each state. Following these laws will not only keep your data breach analysis going, but also give you an idea of what legal protection your company is entitled to.

5. Create a communications plan

Find out who needs to know about the breach. If it’s only financial statements that were compromised, for example, informing your customers of the full extent of the breach might cause undue panic. Simply releasing a clear and concise statement about the breach and clarifying that no personal information from clients or consumers was compromised can help put everyone at ease. The Federal Trade Commission has prepared an outline for companies to use when forming a data breach notice. If there are other service providers who may be affected by the breach, they should also be informed. Make sure to freeze any credit cards or bank accounts that could have been compromised.

What to do after a data breach

1. Continue to monitor the situation

PCMag editor Juan Martinez argues that attackers can still move through networks even after a breach has been discovered, so make sure to monitor for subsequent attacks before proclaiming that the coast is clear. Use this time to double-check, or even triple-check, all your passwords and security protocols. You should also consider setting up multi-factor authentication to further secure your operations.

2. Get professional help

Professional help is just as important when it comes to getting operations running after a data breach, so consider beefing up your network security team moving forward, or at least taking on a consultant or two to help you get back on your feet. The good news is that, with cybersecurity being one of the most in-demand professions, most of today’s professionals will have studied it at degree level in order to compete in the job market, and as a result they will be up to date with the latest countermeasures and protection protocols. Maryville University notes that cybersecurity degree holders are not only well-versed in both offensive and defensive techniques for data protection, but can also assist in fulfilling the legal requirements related to data privacy and security. Expertise like this can be crucial in rising from the ashes of a major data breach, as you will need not only to rebuild client trust and internal operations security, but also to avoid any other related liabilities, legal or otherwise.

3. Backup, backup, backup

Encrypted backups are a good investment, as these are harder to hack into and will ensure that you have access to vital business data even if one of your servers is compromised. There’s something to be said about physical distance, too: you should consider installing remote backups as another way to secure your data and keep your systems running even during a breach. Having multiple backups in multiple locations means that your company is less susceptible to attacks that target your business or client data.

4. Keep everyone in the loop

A data breach can be distressing for everyone affected, which is why you must keep involved parties in the loop about the situation. In this way, you’ll create an environment of trust in the aftermath of a data breach. Apart from giving regular updates, it’s vital to educate them about the best ways they can protect themselves. In our ‘The End of Privacy As We Know It’ post, we shared how not everyone understands the ins and outs of data privacy and security, and teaching them even the basics of data analytics can make all the difference for a company’s private information. At the end of the day, data breaches can take a while to recover from, but positioning your company as being proactive, because of or despite any losses, can instill confidence in your business partners and clients.
