First Steps for when you have a Data Breach
What do I do if I have a data breach?
Apparently over half of businesses will have some form of breach in any year, so get prepared. Know the first steps for when you have a data breach.
First Steps:
- Change your password. Make it something strong and individual. Consider using a password manager.
- Use two-factor authentication in addition to the password. Use of FIDO2 is advised. FIDO stands for Fast Identity Online. It aims to eliminate the use of passwords over the internet, and so the threats that go with them. The use of the FIDO2 login standard should protect against common online attacks such as phishing and man-in-the-middle attacks.
- If the source of the breach is outside your organisation, check whether it has issued any guidance, as all breaches will be different, and follow that guidance.
- Look carefully at any advice that comes through. Be very wary of any that demands urgency, and take your time. You may be threatened with account suspensions or security alerts. Find a contact number for any of the organisations that purport to send through any alerts and speak to them to verify whatever is being said before you take any action. Most are likely to be false.
- Be wary of any emails etc. purporting to come from the source of the breach and offering help. The senders may be posing as that organisation in order to obtain more information from you. Again, check independently to see if that organisation is contacting victims.
- Do not store information such as store cards on websites, and hence on the computer. Anyone with access may steal these.
Important points to remember
Remember, in addition to the first steps above for when you have a data breach: if any breach can be deemed serious, the Information Commissioner’s Office must be informed of the breach within 72 hours.
Even worse, you must also tell any client whose data has been affected by the breach. They are unlikely to take kindly to their details floating around on the Dark Web and being exposed to criminals.
Steps before a Breach: make sure you have a backup of your system in place before any disaster hits, and a recovery plan ready for you to action, so you are not left scrabbling around after the event. See the next piece on this, coming soon.
Contact us for any help with GDPR compliance.