What to do in case of a data breach

How to batten down the hatches after a data breach - is it possible to prevent further damage to your firm's reputation?

Can you protect against a breach?

Andrew Kellett, senior research analyst at the Butler Group agreed, and added that there was no sure-fire way to avoid data breaches and explaining that even the best protected and cautious firms were likely to fall victim.

"It was never just about deploying technology, people and process have an important role to play in the protection of corporate data and it is bringing the three together (people, process and technology) that helps organisations to put in place effective security initiatives," he said.

"There is no absolute way to avoid data losses, simply because there are so many vulnerability points and so much sensitive data that needs to be protected," he added.

"At the top level there is a need to take into account malicious activity, unacceptable but non-malicious misuse, and accidental loss. Remember even very good and well organised organisations do suffer data breaches. [And] at the end of the day each business is responsible for protecting all the sensitive data that it chooses to hold."

There is no single way to protect against data breaches and indeed there is no magic bullet for putting customer concerns to rest.

However, there are measures that firms can take to make sure that their customers understand the implications of the data loss, and particularly what it means to them.

Put customers first

Most firms will do the bare minimum in public and will choose to either contact their customers individually or release a statement about the issue. For the end user, this will lead to a loss in confidence but also to panic worry and concern. Or as Heiser simply puts it: "They aren't very helpful to people at all".

Heiser suggested that rather than just supply a message, firms should provide a guide to the issue for their customers and inform them of precisely what happened, what the loss involves, how it affects them, and what they can do themselves to ensure that it does not become a much bigger problem.

As well as this, he explained that firms should draw up their own 'breach recovery plans', a set of instructions and guidelines specifically pitched at the employees who are authorised to deal with the issue and informing them of what activities to undertake.

He added that firms should "put it into place ahead of time," explaining that this would remove any risk of firms appearing to be floundering in the wake of a breach and would instead let them present themselves in a calm manner while they dealt with what is essentially a common and sadly, expected occurrence.

Kellet agreed, adding that that every well-publicised breach should serve as a wake-up call to firms and encouraged them to, "work hard to improve their processes and to ensure that policies are published and updated on a regular basis so that all employees know what their responsibilities are".

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021