How to handle a data breach in your organisation
It’s a good idea for businesses to have both an internal and an external plan of action in place should a data breach occur. This will mean that your team is better prepared and has an increased chance of getting things right the first time. Ultimately, this could help limit damage to your software, management and overall reputation.
Nowadays, companies are becoming increasingly reliant on their banks of data, so if these are compromised and they can no longer gain access to this data, it could cause unparalleled interruption to the business across the board. We take a look at what you should think about to prepare your business in the event of a data breach.
Employee Training
All of your staff should be prepared to spot and deal with potential threats, and training should be given to facilitate this. It may be helpful to run through some test scenarios with all your employees to ensure they know the best practice to keep a business going in the event of a breach.
Communication
Your communication team will be vital should a data breach occur, and correct training will ensure they know how to handle communications across the workforce and externally following a breach.
Media
Staff should be instructed not to talk to the media in the event of a breach. The CEO and board should start out by notifying stakeholders and regulators and then prepare a statement for a professional spokesperson to communicate to the public. There’s nothing worse than throwing someone with little experience into the line of fire without preparation, and a throwaway comment between a member of staff and an opportunistic journalist could be devastating to your business.
Technology and operations
The priority of your IT and operations teams will be to identify the cause of the breach and to secure the information as quickly as possible. Next, they will need to take steps towards recovering the systems and getting things back up and running again as soon as possible.
GDPR
You will need to be aware of who you need to inform in the event of a breach and the timescales in which this information is required. Certain types of data breaches need to be reported to the relevant authority within 72 hours. You may also be required to let the individuals affected know about the breach of their information if it is likely to result in a high risk to their rights and freedoms. In this case, you will also need to inform the ICO of the breach.
The key to handling a data breach as efficiently as possible whilst mitigating damage to your company’s systems and reputation is in the planning. It also helps to have a strong insurance policy in place to deal with the financial repercussions of such an attack.
Contact Lockyers to speak to one of our advisors about arranging cyber liability insurance for your company. We’re here to help.