Critical steps to take right after a data breach

Businesses set up cybersecurity safeguards to protect their data and systems from being modified, stolen, or deleted. But once in a while, cybercriminals break through even some of the toughest security defences. And contrary to popular belief, big corporations are not the only targets of cyberattacks. In 2020, almost a third of data breaches worldwide involved small businesses.

The Canadian Centre for Cyber Security also warns that threat actors are increasing in number and sophistication. So if you fall prey to a cyberattack, it would pay to have a data breach response plan in place to mitigate the damage.

What should you do immediately upon discovering a data breach?

According to IBM, it takes 197 days on average to discover a data breach. This means that by the time a breach is uncovered, it could have already done significant harm. The following steps can help your organization survive a data breach.

1. Assess the breach

First, you’ll have to evaluate the extent of the damage caused by the breach, so it’s critical to have a business continuity team that specifically handles threats to operations like data breaches.

This team must have IT and data forensics experts who will determine the scope and severity of the attack. These experts must also deduce the nature of the breach, whether it's a targeted attack or part of a broader strike, which networks or servers were affected, and who has access to these, among others. By knowing how the breach was initiated and which parts of the infrastructure were affected, you'll be better equipped to minimize the consequences of the cyberattack.

2. Contain the damage

Secure the areas affected by the breach to prevent cybercriminals from getting further into your networks and compromising more data. Some steps to immediately undertake include:

  • Taking your system offline
  • Disconnecting the affected systems from the rest of your infrastructure
  • Limiting access permissions and disabling remote access
  • Maintaining firewall settings
  • Installing critical security updates or patches
  • Updating and strengthening user credentials such as passwords
  • Replacing affected devices with uncompromised ones

Document the process of containing the damage, and do not destroy any pieces of evidence that can help during an official investigation.

3. Notify necessary entities

Several data protection statutes require organizations to promptly report security breaches to the Privacy Commissioner of Canada. The Personal Information Protection and Electronic Documents Act, for instance, obligates organizations to disclose any loss of or unauthorized access to personal information if the breach poses a real risk of significant harm to the affected individual. If a data breach could significantly harm even just one person, it would still need to be reported to the authorities.

Businesses are also required to notify affected individuals as well as any organization that can help contain the breach. The notice should at the very least include a description of the attack, the time and date of its occurrence, the number of individuals affected, and the steps undertaken to reduce risks or harm. Failure to notify the authorities can lead to expensive and laborious legal consequences.

4. Manage the fallout

A data breach will always have devastating financial repercussions. In fact, Canada had the third-highest average cost for data breaches in the world (CAD 6.35 million) in 2020. If you have cybersecurity liability insurance, contact your provider as soon as possible to see how they can help cushion the blow of the breach.

Brace yourself for reputational damage as well, since a data breach can lead to loss of client trust. Counter this by proactively taking steps to rebuild the public’s confidence in your organization after a breach. Remove any information posted online as a result of the cyberattack, improve your employee security awareness program, and toughen up your cybersecurity posture. Communication can also be critical in maintaining positive relationships with your clients, so it’s a good idea to establish a dedicated hotline to address questions from affected individuals.

XBASE is your local IT solutions partner. We offer Exponentially Better™ Cybersecurity Services with solutions that focus on prevention, monitoring, and detection. Get expert, comprehensive IT support now. Call us at 647-560-1644 or drop us a line.