How to recover from a data breach

Cyber attacks and data breaches are clearly huge risks for organisations. It’s important to do everything possible to prevent incidents, but with the GDPR (General Data Protection Regulation) mandating that incidents be reported within 72 hours of discovery, you need a plan in case disaster strikes.

You might think that’s an impossibly short deadline, but if you follow the four steps we outline here, you can ensure that you meet your compliance requirements.

1. Contain the breach

Once an organisation notices that it has been breached, it needs to identify how the incident happened. This will allow the organisation’s security staff to take any appropriate action to prevent any further damage.

In many cases, this will mean disconnecting the organisation’s systems from the Internet, but doing this isn’t always appropriate.

If the breach was caused by, for example, a database that wasn’t password-protected or an insider losing a removable disk, disconnecting your systems will unnecessarily halt business and probably cause panic among your staff.

2. Assess the risks

Once the threat has been contained, organisations should take some time to assess the extent of the damage and consider how to proceed. They should find out:

  • What type of data is involved;
  • How sensitive the data is;
  • Approximately how many people’s data is affected;
  • Who is affected (customers, staff, suppliers, etc.);
  • Whether the information contains financial information or other high-risk data;
  • Whether the stolen data is encrypted; and
  • Whether the organisation backed up the data.

3. Notify regulators and those affected

Depending on the answers to those questions, organisations will have to notify regulators or the affected individuals.

Under the GDPR, data breaches only need to be reported if they “pose a risk to the rights and freedoms of natural living persons”.

This generally refers to the possibility of affected individuals facing economic or social damage (such as discrimination), reputational damage or financial losses.

4. Prepare for the future

After an organisation has responded to the incident, it should take appropriate actions to prevent future breaches.

It should use the information it gathered responding to the incident as the starting point to investigate further, identifying how its cyber security measures can be improved.

This might include investing in better security technology, updating its policies or making its staff more aware of their cyber security responsibilities.

This last point is crucial, because an organisation’s employees are often its biggest vulnerability. Staff awareness training courses don’t take long and can vastly improve employees’ understanding of information security risks and compliance requirements.

Invest in staff awareness training

If you’re considering investing in staff awareness training, you should take a look at our Information Security Staff Awareness E-Learning Course.

This course goes into more detail on how organisations should respond to data breaches, and also covers:

  • Antivirus software;
  • Inadequate passwords;
  • Phishing;
  • Backups; and
  • Physical and digital information security.


Meanwhile, those looking to liven up their staff awareness programme might be interested in our Phishing Challenge E-learning Game.

This interactive training tool provides a unique and engaging way to test your staff’s ability to spot bogus emails.

With real-world examples of scams, you can put your employees’ cyber security skills to the test and see who will claim the bragging rights in your office.

A version of this blog was originally published on 14 December 2017.
