How to respond to a data breach

In the UK the average cost of a data breach has grown to over £2.5 million and the reputational harm a breach does to a business can be even worse.

A data breach is a security incident in which information is accessed without authorisation. In the last few years millions of personal details have been stolen. Organisations targeted and breached include; British Airways, Yahoo, Facebook, Dixons Carphone, Marriot Hotels, eBay, Equifax and Travelex.

Information involved in a data breach usually consists of:

  • Sensitive business data: Information that could impact the reputation or profitability.
  • Financial information: Customer bank details, debit or credit card information.
  • Personally Identifiable Information (PII): Examples include full name, National Insurance number, bank account number or email address.
  • Protected Health Information (PHI): Medical information that identifies an individual.

How to respond to a breach:

  • Determine the scale of the breach: What data and how many records were compromised.
  • How was the data exposed: Trace the path of the attacker, did they move from one system to another? Police cybercrime units can offer expert advice – ask for support.
  • Document everything: Who, what, when and why is needed for external agencies but, committing pen to paper will also identify the next logical steps and support a response to future incidents by identifying the appropriate corrective actions.
  • Isolate compromised systems: Once isolated, attempt to sanitise them. If an application vulnerability is being exploited, take the application offline. If a malicious insider has leaked information, cut off their access to the organisation’s network.
  • Instigate business continuity plan. Determine what critical processes must take place and the data these processes need. Have work-arounds been planned out in advance?
  • Never underestimate how long an attacker has been entrenched in your systems and what damage may be done.
  • Never log into an infected machine with administrative credentials or plug in your backup.

Communication

  • Breaches need to be reported to the Information Commissioner’s Office (ICO) and to individuals if they pose a ‘high risk’. Risk refers to the possibility of affected individuals facing economic or social damage, such as discrimination, reputational damage or financial losses.
  • You must notify the ICO within 72 hours and affected individuals without ‘undue delay’.
  • If a crime has been committed, contact Action Fraud.
  • If your organisation is affected by industry regulations, other 3rd parties might need informing, seek legal advice if in doubt.
  • Determine ways for affected individuals, third parties and the media to make contact.

Security is a major concern for all businesses and creating a secure IT environment should be at the top of any business agenda. TiG are hosting an online Business Security Briefing on 21st May, where we’ll be joined by a member of the Police Cyber Security Team. Find out more on the event page.

Business Security Briefing

Learn about the risks and best methods of defence by joining our security briefing with experts from the police and TiG.

Find out more

Related insights

See more insights

Enabling specialist UK businesses to unleash their true potential.

Get in touch