Data breach: are you prepared?

What is a data breach?

By definition, a data breach is any incident where private, protected or sensitive information is lost, stolen or used by an unauthorised person.

All businesses, regardless of size, are susceptible to a data breach, with companies such as T-Mobile, Nationwide Building Society, Morrison’s Supermarket and Sony PlayStation Network all falling victim in recent years.

One single breach could end up costing thousands of pounds, and that could spell disaster for any business, particularly smaller firms with fewer customers and limited cash flow. How you act in the immediate aftermath of a data breach could make all the difference in the recovery and reputation of your business.

Planning for the worst case scenario will help you to cope in the event of a data breach, and it may limit the likelihood of one occurring in the first place. Steps to take include:

Create an Incident Response (IR) plan
It’s essential for all businesses to have an IR plan in place, which should include a definition of a data breach and a step-by-step process on how to deal with one. This plan will help you to respond effectively and in a timely manner should a data breach occur.

Identify relevant threats
When devising the IR plan, identify the risks relevant to your organisation. Your threat landscape will be largely determined by how your business operates. For instance, if you offer online services you could be susceptible to a denial-of-service (DoS) attack, whereby cyber criminals disrupt and suspend services in order to make networks unavailable to users. As your business grows and adapts these threats may change, so they should be re-evaluated on a regular basis.

Educate staff and put your IR plan into action
Once you have developed an IR plan, distribute it to all employees. Explain how they can help to prevent a data breach and discuss their individual roles in the event of a breach. Put the IR plan into action at least once a year, as doing this will enable you to analyse its effectiveness and ensure you and your team are able to respond to a breach in the appropriate manner.

If you do suffer from a data breach, consider the following action:

1. As soon as the breach has been identified, you must move as fast as possible to evaluate how serious the breach is. You should immediately follow the process set out in your IR plan.

2. Don’t worry about the root cause of the breach; focus first on containing and destroying the threat and restoring the service.

3. Communicate to all key stakeholders about the possible data breach and keep them updated on developments. It’s important that you are open and honest about the breach – do not attempt to hide any information from them.

4. Following this, your customers need to know about the breach. It’s more effective to create a response template that can be immediately distributed in the event of a breach. Keep it short and sweet: explain that your business has become aware of a possible breach and is trying to fix the issue as quickly as possible.

5. Following a data breach, ask yourself: did my team and I handle the breach effectively? Was the IR plan effective? Evaluating all incidents will enable you to make necessary amendments and plan for a more effective response in the future.

Thank fully there is insurance cover out there to help protect you and your business in the event of a data breach.

Talk to Guy Penn Community Insurance Brokers today…..We’re “at your service”

Tel: 01253 723456