If you notice a breach in your business data, the first thing to do is identify how serious it is. If information such as personal email addresses, dates of birth and payment account details has been taken, this can have financial implications for your company, staff and customers.
In the event of a breach you can take several first response steps:
- Identify where the data loss occurred, i.e. which account or user the breach originated from.
- Change passwords. For online accounts, changing all account passwords where the intrusion occurred should be the first step. Try to make the new passwords stronger, and change the passwords on all other associated online accounts. Using a system of characters that relates to each account and can be easily remembered by staff would also prevent people saving passwords on their computers, further reducing the risk of being breached.
- If any of the information stolen is financial, contact the relevant banks or credit companies immediately and explain that some accounts are at risk of fraud. Ask the card issuer to register alerts on the relevant accounts.
- Alert your customers immediately to the possibility that sensitive information on their accounts has been released. This will involve a detailed email and a follow-up postal letter to detail your concerns about their data. You could also offer anyone affected the services of a data monitoring agency for one year; this way customers can be further reassured that action will be taken in response to any related fraudulent activity.
- Start investigating disaster recovery solutions such as Datto to allow you to recover any data which may be lost. But most importantly, get expert advice in order to reduce the risk of this happening again.
In conclusion, you should have a data breach procedure in place on which all of your staff are trained, up-to-date cyber security on your systems and recurrent revision of any GDPR policies and compliance procedures. According to the Global State of Information Security Survey, 2018, the chance of an employee causing a security incident is 30%. The report highlights that 29% of companies surveyed have actually suffered loss or damage to their internal records as a result of a security incident. The lesson we can learn from this? Knowledge is everything. Know the risks, know the things to look out for and know how to train your staff to avoid it happening.
Make sure you get expert advice as to how to implement an effective cyber security plan to protect consumer privacy and keep your business reputation intact. Call our Sales Team today on 0330 124 3599 to see how we can help.