Did you know that in 2017, 46% of small businesses across the UK reported significant data breaches? For medium-sized businesses this rose to 66%, and a staggering 68% of large firms reported similar breaches. This increase in cyber breaches only brings the total value of us to £2.48 million per year. So this raises the question – what is a business supposed to do when it experiences a data breach? And with GDPR only implementing more rules around how to handle data breaches, it’s essential that everyone in your business understands what to do in the event of one. To help you out, here are 6 things you need to do.
Put A Response Team In Place
As soon as you become aware that there’s been a breach, you need to alert and assemble a response team. If you don’t have one in place, you need to create one. Your response team is essentially a group of people, either internal or external, who have the skills to deal with a breach, fix it and deal with the fallout. This team should have decision-making authority, and report to the board on progress regularly. Having an incident response team in place has been proven to be a cost-reducing factor in a huge number of data breaches, large and small, saving on average £12.37 per data record affected.
Contain The Problem
When you become aware of it, your second priority should be containing the problem. Identify the source of the breach as quickly as possible – was it a faulty firewall? Malware? A phishing scam? Or maybe an insider information leak? Once you have identified it, take steps to contain the issue. This could mean isolating a particular area of your network, locating a lost piece of equipment or even just changing the access codes of the front door.
Assess The Risks
Now it’s important to determine how sensitive the breached data is, and what the real-time risks are. If it’s a ransomware attack, perhaps the ransomed data is just needed by employees to do their jobs, and there are backup files that can be accessed. Theft of customer data, on the other hand, could lead to identity theft, so you should inform the police if appropriate.
Solve The Problem
And obviously, you should ensure you take steps to solve the problem once it’s contained. Again, this depends on what the issue was to begin with, so it will be handled differently every time. Once the breach source has been dealt with, you can take steps to protect your systems from attack in the future.
Send Out Notifications
This is the part most businesses don’t want to do, because they are worried it will risk their reputations in the marketplace. But it is a legal requirement for you to notify individuals whose data was, or could have been, accessed and affected by the breach, so you’ll have to swallow your pride on this one. Sending out notifications early means your customers have the best chance of protecting their data, so it’s important for them and you to do this swiftly.
At Hungry Shredder, we believe that every business should put protecting their customer data at the forefront of their operations. That’s why we provide secure and confidential shredding services to business owners around the country. To learn more about how Hungry Shredder can protect your documents and hard drives, just get in touch with our team today.