Every organisation’s nightmare is a data breach that results in lost customer data. Do you know what to do if a data breach crisis happens in your organisation? Do you have your communication and technical plans in place should the dreaded occur? Here are 5 Key Steps to Take if a Data Breach Occurs:
Fail to prepare, prepare to fail, but not if you follow our 15-step best practice Data Breach Crisis Plan.
Is Your Organisation Prepared for a Data Breach?
Here are some questions to ask your organisation:
- Do you have a process to identify and establish facts, and to assess the likely risks to individuals if a data breach occurs?
- Do you have a process for locking down the technical aspects after such a breach?
- Do you know who in your organisation will have responsibility for internal and external communications?
- Do you know who the relevant supervisory authority is for reporting any breaches and what information you need to supply?
5 Key Steps to Take if a Data Breach Occurs
1. Establish the facts and assess the damage
You need to know details such as when the data breach occurred and how many data records are affected. And importantly, what is the likely risk to individuals as a result of the breach?
2. Take immediate technical action
Disconnect devices, ensure logging is still enabled and change passwords.
3. Communicate internally and prepare external comms
Contact key stakeholders in the company/organisation and set up a project team to manage the data breach project. Start working on communication and PR plans as soon as possible.
4. Audit the data breach
Identify the systems compromised and the data exposed. Can you identify the cause of the breach?
5. Document and report to your data protection commission office
Under GDPR you must inform the data protection commissioner within 72 hours.
After the data breach crisis is over
After the crisis is over, the organisation should sit down and reflect on it and its impact on stakeholders, and look at how such a data breach can be avoided in the future.
You also need to assess the damage done to your business, including any drop in sales, loss of customers, etc.
Finally, remember to always follow these 4 simple steps
1. Act quickly
2. Assess the situation
3. Communicate with all stakeholders
4. Make amends where required
By establishing your own data breach crisis plan you will start to identify weaknesses in existing security. Once created, your plan should be tested regularly; this helps to strengthen disaster recovery operations and minimise the impact of a breach and its disruption.