What to do in case of a data breach

How to batten down the hatches after a data breach - is it possible to prevent further damage to your firm's reputation?

Can you protect against a breach?

Andrew Kellett, senior research analyst at the Butler Group, agreed, adding that there was no sure-fire way to avoid data breaches and explaining that even the best-protected and most cautious firms were likely to fall victim.

"It was never just about deploying technology, people and process have an important role to play in the protection of corporate data and it is bringing the three together (people, process and technology) that helps organisations to put in place effective security initiatives," he said.

"There is no absolute way to avoid data losses, simply because there are so many vulnerability points and so much sensitive data that needs to be protected," he added.

"At the top level there is a need to take into account malicious activity, unacceptable but non-malicious misuse, and accidental loss. Remember even very good and well organised organisations do suffer data breaches. [And] at the end of the day each business is responsible for protecting all the sensitive data that it chooses to hold."

There is no single way to protect against data breaches and indeed there is no magic bullet for putting customer concerns to rest.

However, there are measures that firms can take to make sure that their customers understand the implications of the data loss, and particularly what it means to them.

Put customers first

Most firms will do the bare minimum in public and will choose to either contact their customers individually or release a statement about the issue. For the end user, this will lead not only to a loss in confidence but also to panic, worry and concern. Or as Heiser simply puts it: "They aren't very helpful to people at all".

Heiser suggested that rather than just supply a message, firms should provide a guide to the issue for their customers and inform them of precisely what happened, what the loss involves, how it affects them, and what they can do themselves to ensure that it does not become a much bigger problem.

As well as this, he explained that firms should draw up their own 'breach recovery plans', a set of instructions and guidelines specifically pitched at the employees who are authorised to deal with the issue and informing them of what activities to undertake.

He added that firms should "put it into place ahead of time," explaining that this would remove any risk of firms appearing to be floundering in the wake of a breach and would instead let them present themselves in a calm manner while they dealt with what is essentially a common and, sadly, expected occurrence.

Kellett agreed, adding that every well-publicised breach should serve as a wake-up call to firms and encouraging them to "work hard to improve their processes and to ensure that policies are published and updated on a regular basis so that all employees know what their responsibilities are".
