5 Steps to Managing a Data Breach
A data breach occurs when secure or private information is released without authorisation. A breach of confidentiality that presents a risk to an individual’s rights and freedoms has to be reported to the authorities within 72 hours of becoming aware of the breach.
In this day and age, such security breaches are a constant threat for organisations, and the effects can be catastrophic, with reports of around 60% of small firms going out of business within 6 months of a data breach.
Organisations must implement appropriate measures to avoid such breaches of data. However, if a breach occurs, there are steps you can follow to keep your business safe:
1. Stop the breach
Containing a breach as quickly as possible is critical. Containment does depend on the nature of the attack, but isolating the system that has been breached, in order to prevent further spread, is essential. Determine the cause of the issue and find out what personal information has been compromised.
2. Preserve evidence of the data breach
Understanding how a breach occurred and the damage it caused is the next key element in managing a data breach.
3. Isolate the breach
A security infrastructure built up of many layers makes isolation easier in the event of an attack. By segmenting business units at the network level, problems can be isolated as they are investigated.
4. Consider public communications and notifications
Once a breach has been found, the evidence preserved and the breach isolated, the next step is to notify authorities, third-party organisations and individuals who may have been affected by the breach. With time restrictions on how long an organisation has to inform the governing regulators, this should be done as soon as possible.
Organisations need to provide information on:
- The date of the breach
- What was compromised
- Further prevention methods being put in place as a result
Explain why the breach took place and describe the solutions.
5. Investigate, fix and restore systems
Knowing how your system was breached in the first place is essential in preventing it from happening again. Once the source of a breach is secured, systems can be brought back online. Systems should be tested and re-tested thoroughly in order to identify process gaps and confirm that all sensitive data is secure.
Be secure against data attacks. Our GDPR Toolbox provides a practical set of tools to help manage your data protection challenges. Learn how to manage your personal data, find out what to do when a member of staff leaves an organisation, use our data breach log and forms, manage individual records for Subject Access Requests and use our register to record the controls behind software usage.
Be proactive with your security. Don’t wait until you have to deal with a breach. Have measures in place to stop one ever occurring.
Need help managing your data protection challenges?
If you have experienced a data breach and require immediate expert advice to assess the severity of the breach and determine whether or not you need to report it to the ICO, as well as help with recording the appropriate information and communicating with affected parties, we can help.