How to Handle a Company Data Breach
6 steps how companies handle data breaches
Despite your best intentions and efforts as a business owner, you can never be 100% certain that a data breach
will not happen in your company. Mistakes are made, cybersecurity measures are circumvented, attackers become more
ingenious – the result is the same.
Your company has just suffered its first major data breach and you are wondering how you can handle this in the
best way possible.
Sooner or later data security can be compromised, but what's important is how
companies handle data breaches, to avoid further damage to their business
Formulate a Strategy
Before you start making any actual moves to mitigate and solve the data breach, you need to take an overview of
your company and look at the data breach guidelines that you had formulated for just this kind of a
If you run a large company, you might actually have experts who will be able to deal with this problem in-house.
Perhaps you have data forensics, IT and legal teams that will be able to handle this on their own.
However, if you run a smaller company, the chances are you will need to contact someone on the outside and hire them to handle the technicalities of the breach
for you. If you are outsourcing your IT, this is the perfect time for them to come through for you.
For the vast majority of people, the initial instinct when a data breach occurs is to take everything offline as
soon as possible, unplug and wait for the help to arrive. While you will want to take everything offline, it is a
bad idea to shut down the machines, as this may prevent the data forensics people from investigating the breach in full.
Leave everything as is until the investigators arrive and assess the situation.
It is now time to turn off the affected machines and replace them with those that have not been affected.
Furthermore, you will want to do a sweep of all your entry and exit points and a complete overhaul of all the
credentials and system access privileges. Passwords need to be changed immediately, as well as anything else that
might provide continuous access to your data to the attackers.
You should also try and make sure that the data breach is contained by searching the web for data that might
have been compromised. If the data has been published somewhere, you will need to take every action at your
disposal to get the information taken down as soon as possible.
This initial action should also involve talking to people who noticed the breach so as to find out the extent of
the breach and whether there are any tails that could grow into additional problems down the road.
One of the essential steps in dealing with a company data breach is to analyze
and remedy the problem, to prevent it from happening again.
Analyze and Remedy
Once you have managed to put the data breach under control and ensure that no further leaks will occur, it is
time to analyze what has happened, how your security system behaved and how you can prevent future similar
This is where the data forensics people will take charge, identifying the vectors that were used to access your data and the
vulnerabilities that led to the breach. They will also investigate the behavior of your security system and how
well it contained the breach (for example, whether your network segmentation limited the extent of the breach).
During this stage in data breach cleanup, you will also be looking at who has access to what parts of your
system and whether it is necessary to limit access to various third parties. Do not be surprised if the breach is
actually traced back to one of your third-party vendors.
This process might take a while, but you need to make sure it is complete before you get everything back online
Communicate with Stakeholders
Another thing you will want to do as part of your data breach management process is to communicate with any and
all stakeholders. For example, if your local laws require you to report the breach, do so. Do so even if they do
not. Law enforcement agencies need data to improve their future work, so make sure to provide them with all the data
that you can.
You should also remain in touch with your legal representatives and try to establish whether the breach might
cause your company to get in any kind of legal trouble. You will
also want to keep the lines of communication open to your employees, customers, shareholders and partners. Not
everyone needs to know everything, but they should be aware of the incident to some extent.
Keep Track of Everything
All of this will require quite a bit of organization and management. To ensure no steps are skipped
and everyone is on the same page, you might want to use a project management system of some kind, of course, independent of your compromised
Make sure that teams are collaborating and that the information flows freely. There is nothing worse than trying
to fix something and ending up making everything worse because people were working against one another without even