What to Do if You Become Aware of a Breach

Take action

It’s vital to remember there are steps that must be taken to ensure that the breach doesn’t become worse. Also, don’t be afraid to speak to your Data Protection Officer, Team Lead etc. The sooner a breach is reported the quicker it can be dealt with.

Firstly, you will need to evaluate whether you can stop the sharing of this information, this could be through a delay in the sending of an email, or if it is tool such as Dropbox, SharePoint etc can stop sharing the information immediately and remove all access to prevent anyone from seeing the data.

Notify

The next step is to notify your Team Leader or Head of Department and Data Protection Officer (DPO)or your GDPR Team. Always provide as much information as possible and don’t be afraid, they want to know what’s happened so they can restrict the impact. Important information includes:

• What happened?
• How did you discover this?
• When did you discover the incident?
• What did you do to stop it?
• What time and date did this occur?
• Did this effect any customer data if so, who?

Communicate

These consequences could result in the breach going over the time it needs to be reported, reduced time to investigate the issue and even result in other issues going undiscovered potentially resulting in further breaches.

Potential consequences for not reporting the breach in time can include fines of up to £17.5 million or 4% of the organisation’s global turnover (whichever is higher), restrictions in how data can be held and what data can be held. This could potentially result in an organisation not being able to perform their daily function as they may no longer be able to process the data required.

Time is of the essence

This logic remains the same for all types of breaches. It’s best to be aware that if you discover a breach, it is not something that can wait until Monday or the next day. It needs to be reported as quickly as possible. Depending on the breach clients may need to be made aware, and so might the ICO (please be aware that the ICO is the British Regulatory body and this will mean the breach may need to be reported to another country depending on where you are in the world,) which has a requirement that this must all be done within 72 hours of the breach being discovered, however this is only if the breach needs to be reported to the ICO- the following link will help identify if a breach needs to be reported https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach-assessment/. So, every second counts and the sooner the relevant people are made aware the better.

Afterwards carrying out a lessons learned exercise is just as important to ensure that the incident can be avoided again where possible. This can help identify, what went wrong, how it could have been avoided and how to better prevent this type of incident in the future. In addition, it is recommended that organisations keep a Risk Register to track any breaches. However, these activities should always be approached with the intention to ensure that any similar breaches can be avoided in future.

Be prepared

It is always important to remember that breaches can have serious implications for businesses. Whilst they will most likely happen, every organisation has a responsibility to protect the data they hold. Organisations should always approach protecting data with the utmost care and ensure that staff also handle data correctly and safely.

One way to ensure this is regular training, another is investing in security controls to protect networks externally and internally (such as Anti-Malware, Firewalls etc) along with audits such as Pentests and Cyber Essentials. This can help sure up defences against attackers and with regularly training staff this should prevent internal breaches.