So you’ve suffered a data breach? What to do next

It’s an announcement no information security specialist wants to make: the organisation has suffered a data breach.

The breach is bad enough, but now everyone in the office is panicking. Some will grumble about how they’re going to miss deadlines, others will frantically wonder whether they’re responsible for the breach and a few will probably blame the InfoSec professional for not doing their job properly.

But it doesn’t have to be this way. Data breaches are such a prevalent threat that all organisations should prepare for them. Remember: it’s not a question of whether you’ll be breached, but how you respond when it inevitably happens.

A swift response can ensure that you contain the incident promptly and give affected data subjects time to secure their accounts. It also proves to regulators and customers that your organisation takes cyber security seriously and that you aren’t to blame.

 

How to respond

There are six steps to follow after your organisation has been breached:

  1. Situational analysis: Provide your supervisory authority with as much context as possible. This should include the initial damage (what happened), how it affected your organisation (what went wrong) and what caused it (how it happened).
  2. Assess the data that is affected: Try to determine the categories of personal data and the number of records concerned.
  3. Describe the impact: What are the consequences for affected parties? The answer will depend on the information that was compromised.
  4. Report on staff training and awareness: If the breach involved human error, work out whether the employee(s) in question received data protection training in the past two years. You should also provide your supervisory authority with details of your staff awareness training programme.
  5. Preventive measures and actions: What measures did you have in place before the breach to prevent incidents like this from occurring? What steps have you taken, or do you plan to take, to mitigate the damage?
  6. Oversight: You will need to provide the details of the breach to your supervisory authority, including the name of your DPO (data protection officer) or whoever handles data protection in your organisation.

 

Get #BreachReady

Knowing what you should be doing to contain a breach is only part of the equation. You also need to understand how to implement those measures. Finding advice can be frustrating, because in many cases the solutions vary depending on the organisation: how it’s run, what its processes are, what resources it has at its disposal, and so on.

IT Governance understands these problems, and we have created flexible solutions to help organisations get #BreachReady. We’ve included advice on how to manage cyber security and a special offer to make sure you get the right tools and services to meet your budget and needs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.