A data breach occurs when confidential, private or protected information is exposed to a person who shouldn’t have access to it. This can occur through an accident, hacking or human error. Cyber attackers often exploit data breaches for financial gain and to cause harm to people or companies.
Data breaches happen to organizations of every size across all industries. They can devastate your corporate image, hamper the continuity of your business model and potentially lead to significant financial losses.
Start by investigating the attack and identifying its source. This involves interviewing people who discovered the breach and verifying security tool alerts. Then, restrict or reset compromised accounts and impose access restrictions to contain the breach, prevent ongoing attacks and strengthen defenses.
It’s also important to determine the duration of the breach. This requires correlating log files to pinpoint attacker activities over time. Depending on the duration, you may need to notify consumers sooner or take additional actions to limit their potential exposure.
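The correlation step described above, as an added example that is not part of the original page: it merges two log sources with different timestamp formats into one UTC timeline for a single account and measures the span of observed activity. The log formats, the account name `jdoe` (assumed to be the compromised account) and all sample lines are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample logs (not real data). Two sources, two timestamp formats.
VPN_LOG = """\
2024-03-01T22:14:05Z user=jdoe src=203.0.113.7 action=login
2024-03-02T01:30:00Z user=asmith src=198.51.100.4 action=login
2024-03-04T09:02:41Z user=jdoe src=203.0.113.7 action=login
"""
APP_LOG = """\
[02/Mar/2024:00:05:10 +0100] jdoe GET /export/customers
[03/Mar/2024:18:45:00 +0100] jdoe GET /export/invoices
[03/Mar/2024:19:00:00 +0100] asmith GET /dashboard
"""

def parse_vpn(text):
    """Yield (utc_time, user, source, detail) from the ISO-8601 'Z' format."""
    for line in text.splitlines():
        stamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, kv["user"], "vpn", f'{kv["action"]} from {kv["src"]}'

def parse_app(text):
    """Yield the same tuple shape from a bracketed local-time format with offset."""
    for line in text.splitlines():
        stamp, rest = line[1:].split("] ", 1)
        user, detail = rest.split(" ", 1)
        # Convert to UTC so events from both sources sort on one clock.
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        yield ts, user, "app", detail

def breach_window(account, *sources):
    """Merge one account's events into a UTC timeline; return (timeline, first, last)."""
    events = sorted(e for src in sources for e in src if e[1] == account)
    if not events:
        return [], None, None
    return events, events[0][0], events[-1][0]

if __name__ == "__main__":
    timeline, first, last = breach_window("jdoe", parse_vpn(VPN_LOG), parse_app(APP_LOG))
    for ts, user, source, detail in timeline:
        print(ts.isoformat(), source, detail)
    print("observed activity spans", last - first)
```

The span is only a lower bound on the breach duration: activity older than the log retention period, or in sources not collected, will not appear in the timeline.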
Consider whether to include additional measures like encrypting email and other applications. Ensure that employees use only company-approved devices for work, and that these devices are password-protected and backed up in case of theft. Encourage employees to use the company’s secure Wi-Fi network for all internet browsing and not to connect to public networks. Moreover, ensure that any portable devices (like flash drives) have hard-to-guess passwords and anti-theft apps in place and are regularly wiped or shredded.
Lastly, if you used third-party services during the attack, make sure to examine what personal information they have access to and confirm that they’ve remediated any vulnerabilities. This is especially important if the incident involved medical or other sensitive data subject to regulatory requirements like HIPAA.
