No organisation nowadays is immune from data breaches. You never know when you’ll be involved with one, but you should plan for a data breach crisis to be able to act quickly if it does happen. And there are some simple mistakes you can avoid should a data breach happen. Here are 6 mistakes not to make if a data breach occurs.


Obviously if your organisation experiences a data breach you will need to establish the facts and assess the damage.
You need to know:

  • When did the data breach occur?
  • How many data records are affected?
  • How did the data breach occur?
  • Where did it happen?
  • What likely risk to individuals is there as a result of the breach?

Having done your initial analysis, make sure you avoid these 6 key mistakes, as they will only compound the disruption and impact of the data breach:

1. Failing to disconnect devices

All affected systems and devices should be disconnected and isolated away from the rest of the network. This will limit the communications between affected systems and other devices or systems on the same network, therefore limiting further data loss or damage.

2. Failing to ensure logging is still enabled

In many data breaches and system hacks, logging has been disabled on the affected systems, and this later causes problems when you try to identify what went wrong in the breach. Logging should always be left enabled for audits.


3. Not implementing password changes immediately

The majority of data breaches are through compromised account passwords, so a complex password policy needs to be followed. All systems suspected of being compromised should have their passwords and all account credentials changed. These include all application passwords and the network and system passwords used for network access rights.

4. Not documenting the key facts of the breach

Under the GDPR you are required to report a data breach within 72 hours, so you need to document the key elements and facts of the breach and the steps taken post-breach. Have someone start documenting all current and future actions so that you can pass this information on to the data protection office.

The information that should be included in a notification of a data breach is:

  • The type of personal data breach, including:
      • The type and estimated number of individuals affected; and
      • The type and estimated number of personal data records concerned.
  • The name and contact details of a point of contact where further information can be obtained, such as that of the data protection officer (DPO);
  • The possible outcomes of the personal data breach; and
  • A list of measures taken or being taken to deal with the breach and appropriate measures taken to mitigate any adverse effects.

5. Not communicating swiftly

In September 2017, Equifax disclosed that they had had a huge security breach estimated to affect almost 200 million people worldwide. However, given the company had first discovered the breach in July, that should have been plenty of time to prepare for a response and solution for all affected individuals. The Equifax case is a perfect example of how not to handle a major security breach.

Here are some tips for communication both internally and externally:

  • Contact key stakeholders in the company/organisation as soon as it is identified that a breach has occurred
  • Set up a project team to manage the data breach project
  • Prepare a communication plan, and brief internal stakeholders before you brief customers or the media. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay. You also need to tell customers what you are going to require them to do.
  • Assign responsibility for responding to customers and stakeholders, and pick a company representative who is skilled in media interviews
  • Prepare a PR plan and media statement
  • Prepare your initial social media posts about the key facts of the breach and where people can find out more information.
  • Make sure your social media community manager is involved in all data breach crisis meetings and has the experience to deal with community engagement around the crisis.

Remember to follow these 4 simple steps always:
1. Act quickly
2. Assess the situation
3. Communicate with all stakeholders
4. Make amends where required

6. Failing to learn from the breach

The average discovery time for data breaches was a staggering 191 days in 2017. How did your organisation cope with the data breach? Where did the weaknesses in your data breach crisis plan lie?

55% of data breaches are perpetrated by malicious outsiders, 25% are due to accidental loss, 15% are by malicious insiders. You need to account for all of these scenarios in your monitoring.

  • Do you have monitoring in place to ensure data is not being accessed without authorisation?
  • Are you monitoring data breaches via email accounts?
  • Is your data storage and management system secure and encrypted?
  • How is file sharing internally and externally taking place?
  • Can you have confidence in your data security?



Over to you now. Have you dealt with a data breach in your organisation? Any tips to share on what to do if a data breach occurs? Tell us in the comments below. 
