WebbyTech | What to do after a data breach
Experiencing IT problems? Don't hesitate to call us today on  01702 900400

What to do after a data breach

Home >> Articles >> What to do after a data breach
  • April 05, 2023
  • Articles

We commonly find ourselves writing about data on our blog. As you will have heard us say, it’s the lifeblood of a business. Because of this the stories of hackers trying to access or steal data are getting more and more common.

There are plenty of things that you can do to protect yourself from a data breach. Good staff training, good processes and procedures and strong frequently changed passwords should all get part of your arsenal.
However, if your adversary is persistent there is a slim chance they may break through your defences. If this happens, what should you do after a data breach?

1 – Understand what has happened

To make an effective plan to address a data breach you first have to understand what has happened. You will hopefully have a full data recovery plan in place, but some basic questions you will need to ask are:
  • What data has been compromised?
  • Who does that data belong to?
  • When did the breach take place?
  • How did the breach happen?
  • How long has it been between the breach and becoming aware of it?

2 – Contain the issue

Once you understand the issue then it is possible to put in place steps to contain it. To be clear, containing the issue is not solving it, it is putting in place steps to ensure it doesn’t become worse.
This should be the first step in your data breach plan is all about ensuring that any attacker doesn’t get further than they already have.
Specific actions will be applicable to your own data breach plan however, common actions can include removing Internet access for a period of time, quarantining affected hardware and making sure that all login passwords are reset.

3 – Notify those affected

If any of the data affected I’m the breach belongs to someone else then you need to inform them of what has happened and the steps you have taken and are planning to take to resolve the breach.
Data affected could be personal data held about staff.  More likely it is going to be data that you hold about customers and clients, or on customer and clients behalf. In each case, open, honest and timely communications are going to be the best way to minimise any damage to your ongoing relationship.

4 – Put steps in place for a solution

Once you know the problem and you know who are affected then you’re in the best position to solve it. This is why we spent so much time on steps 1 to 3.
If the steps to a solution feel as though they are beyond your capabilities, it is worthwhile to work with IT professionals to permanently solve the issue rather than patching up with a quick fix.

5 – Lessons learned

An underrated final step. If possible always a do a lessons learned exercise after an incident like this. Even if you already had a plan and executed it, there will be things you picked up in the live situation.
Not enough people do this step. If you include it in your process then you might stop the problem from happening again, or if it does, be in an even stronger position to stop it.
Whilst a data breach can be scary and unnerving, if acted on swiftly then it shouldn’t cause undue disruption. If you already have a robust data protection plan in place then it should be a simple solution of putting that plan into action.
If you haven’t set up a data protection plan yet and would benefit from some support, Webby Tech are here to help. See the services we offer here or contact us directly for a no-obligations conversation here.