How to handle a data breach.

Sooner or later, almost everyone has some kind of data breach. Whether it’s a virus that’s infected your system, a hacker who’s gained access to your server, or a piece of malware that’s hijacked your website, at some time, your IT people may have to deal with threats like these.

So how do you manage a breach when your system’s been compromised? Here’s how:

  1. Contain the breach
    Once the breach has been noticed, you need to contain it as quickly as possible. How you contain the breach depends on its exact nature and the systems affected.

    Start by isolating any affected or potentially affected systems to stop the breach from spreading. You can also disconnect breached user accounts, lock off specific departments, or shut down affected software.

    Once it’s contained, the threat must be eliminated. Again, this can be done in a variety of ways depending on the nature of the attack. To eliminate a threat, you might:
    • Update your security software and run a full scan
    • Reformat affected assets and restore them from back-ups
    • Blacklist and block potential source IPs, domains, and email addresses

  2. Assess the damage
    Once the breach has been contained, you need to find out what damage has been caused. Knowing how the attack occurred can help you block future attacks of the same kind.

    Thoroughly investigate any affected systems in case any residual infections remain. While you are assessing the damage, make sure you note the following:
    • What was the attack vector? Was the attack based on social engineering, compromised user accounts, or online activity?
    • Note any data that may have been accessed or stolen, particularly if it’s sensitive or high-risk.
    • Note the affected data types.
    • Was the data properly backed up, and was it secure and encrypted?

  3. Communicate the impact
    Ensure that you communicate the breach to your staff, making sure that you attend to any users affected by the breach.

    Next, notify any third parties or individuals that may have been affected as soon as possible, particularly if your company is a regulated body. In the communication, note the time and date of the breach, its type, what was affected, what you’ve done to recover from the breach, and how you intend to block similar breaches in the future. This allows your organization to maintain its integrity and reputation, and to look professional while dealing with the issue.

  4. Audit and update your security systems
    Now you need to audit and review your security systems. Patch or upgrade them if required, and put measures into place to block similar attacks in the future.

    Many companies believe that their IT security systems are adequate, but often this proves not to be the case. There is always room to improve your existing systems and add new ones to cover any gaps in your security.

  5. Create or update your disaster recovery plan
    After an attack, you need your systems to be back up and running with data in place as soon as possible. Make sure that you have more-than-adequate backups and contingencies, so your business doesn’t suffer too much downtime.

    The audits and reviews you conduct will be valuable in guiding your recovery plans. Make sure that you include policy reviews, employee security training and, of course, awareness. A high proportion of security breaches is due to human error, so educating and arming your employees with some cybersecurity knowledge is vital.


For more on protecting your company against security threats, please read our previous best practice posts on desktop security and network security.


TechPoint Can Help

If you need advice or assistance regarding your organization’s security, call us today to discuss on 1-888-801-1777, email us at sales@tech-point.ca, or use the form on this page to contact us.

You can also message us on Facebook, Twitter, and LinkedIn.