
What to Do if You Become Aware of a Breach

Bulletproof delves into the actions that you can take if you become aware of a breach within your organisation.


Euan Henderson Cyber Essentials Plus Assessor

4/11/2024

Introduction

No matter what security controls you put in place, a breach will happen. It's a fact of life nowadays, and it's not a case of 'if' but 'when'. It will not always be the result of a hacker; it can be as simple as a staff member accidentally sharing one person's information with another.


Take action

It's vital to remember that there are steps that must be taken to ensure the breach doesn't get worse. Also, don't be afraid to speak to your Data Protection Officer, Team Lead, etc. The sooner a breach is reported, the quicker it can be dealt with.

Firstly, you will need to evaluate whether you can stop the information being shared any further. This could be by delaying or recalling the sending of an email; or, if the data was shared through a tool such as Dropbox or SharePoint, by stopping the share immediately and removing all access so that nobody else can see the data.

Notify

The next step is to notify your Team Leader or Head of Department and your Data Protection Officer (DPO) or GDPR Team. Always provide as much information as possible and don't be afraid: they want to know what has happened so they can limit the impact. Important information includes:

  • What happened?
  • How did you discover this?
  • When did you discover the incident?
  • What did you do to stop it?
  • What time and date did this occur?
  • Did this affect any customer data and, if so, whose?

Your DPO will most likely ask for further information if required. Always respond to them, no matter how embarrassing it seems or how worried you are; if you don't respond, it may cause consequences that make things far worse for everyone.

Communicate

These consequences could include the breach exceeding the time within which it must be reported, less time to investigate the issue, and even other issues going undiscovered, potentially resulting in further breaches.

Potential consequences for not reporting the breach in time can include fines of up to £17.5 million or 4% of the organisation's global turnover (whichever is higher), as well as restrictions on how data can be held and what data can be held. This could potentially result in an organisation being unable to perform its daily functions, as it may no longer be able to process the data it requires.

Time is of the essence

This logic remains the same for all types of breaches. Be aware that if you discover a breach, it is not something that can wait until Monday or the next day; it needs to be reported as quickly as possible. Depending on the breach, clients may need to be made aware, and so might the ICO. (Please be aware that the ICO is the British regulatory body, so depending on where you are in the world the breach may need to be reported to a regulator in another country.) Where a breach is reportable to the ICO, this must all be done within 72 hours of the breach being discovered; however, this only applies if the breach needs to be reported to the ICO. The following link will help identify whether a breach needs to be reported: https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach-assessment/. So, every second counts, and the sooner the relevant people are made aware the better.

Afterwards, carrying out a lessons learned exercise is just as important, to ensure that the incident can be avoided in future where possible. This can help identify what went wrong, how it could have been avoided and how to better prevent this type of incident in the future. In addition, it is recommended that organisations keep a Risk Register to track any breaches. These activities should always be approached with the intention of ensuring that any similar breaches can be avoided in future.

Be prepared

It is always important to remember that breaches can have serious implications for businesses. Whilst they will most likely happen, every organisation has a responsibility to protect the data it holds. Organisations should always approach protecting data with the utmost care and ensure that staff also handle data correctly and safely.

One way to ensure this is regular training; another is investing in security controls to protect networks externally and internally (such as anti-malware, firewalls, etc.), along with audits such as pentests and Cyber Essentials. This can help shore up defences against attackers, and regular staff training should help prevent internal breaches.


Meet the author

Euan Henderson Cyber Essentials Plus Assessor

Euan uses his experience in both IT and Cyber Security to help clients achieve their Cyber Security goals, offering effective and easy-to-follow guidance on how to improve their security posture, along with making their certification as easy as possible.
