What to do in case of a data breach

Can you protect against a breach?

Andrew Kellett, senior research analyst at the Butler Group, agreed, adding that there was no sure-fire way to avoid data breaches and explaining that even the best-protected and most cautious firms were likely to fall victim.

"It was never just about deploying technology; people and process have an important role to play in the protection of corporate data and it is bringing the three together (people, process and technology) that helps organisations to put in place effective security initiatives," he said.

"There is no absolute way to avoid data losses, simply because there are so many vulnerability points and so much sensitive data that needs to be protected," he added.

"At the top level there is a need to take into account malicious activity, unacceptable but non-malicious misuse, and accidental loss. Remember even very good and well organised organisations do suffer data breaches. [And] at the end of the day each business is responsible for protecting all the sensitive data that it chooses to hold."

There is no single way to protect against data breaches and indeed there is no magic bullet for putting customer concerns to rest.

However, there are measures that firms can take to make sure that their customers understand the implications of the data loss, and particularly what it means to them.

Put customers first

Most firms will do the bare minimum in public and will choose to either contact their customers individually or release a statement about the issue. For the end user, this will lead to a loss of confidence but also to panic, worry and concern. Or as Heiser simply puts it: "They aren't very helpful to people at all."

Heiser suggested that rather than just supply a message, firms should provide a guide to the issue for their customers and inform them of precisely what happened, what the loss involves, how it affects them, and what they can do themselves to ensure that it does not become a much bigger problem.

As well as this, he explained that firms should draw up their own 'breach recovery plans': a set of instructions and guidelines pitched specifically at the employees who are authorised to deal with the issue, informing them of what activities to undertake.

He added that firms should "put it into place ahead of time," explaining that this would remove any risk of firms appearing to flounder in the wake of a breach and would instead let them present themselves in a calm manner while they dealt with what is essentially a common and, sadly, expected occurrence.

Kellett agreed, adding that every well-publicised breach should serve as a wake-up call to firms, and encouraged them to "work hard to improve their processes and to ensure that policies are published and updated on a regular basis so that all employees know what their responsibilities are".