A 5-step guide to the actions necessary in the face of security or privacy breaches
What can SMEs do if they experience a security or privacy breach?
January 10th, 2022
Security and privacy breaches are on the rise globally, with potentially serious implications for businesses that are not able to handle them promptly and efficiently.
For small and medium businesses that are underprepared, this can feel like a vast and confusing maze to navigate.
However, with just a few simple steps, businesses can ensure they are taking the most appropriate response to a breach and giving themselves the best chance of mitigating the impact of an attack. You can see the top five suggestions below from our Head of Security and CISO as a Service Consultant, David Clarke.
A 5-step guide
What to do in the face of security or privacy breaches
- Once a breach is discovered, bring all the key stakeholders together to establish ground rules for how the breach will be handled. Do this while maintaining a ‘no blame’ approach. Give the incident a code name for use in emails and discussions so that everyone is clearly referring to the same event.
- Next, capture every piece of known, suspected or inferred information about the breach to build an overview of the situation. Work only with verifiable facts, even if there are very few, and log every decision as it is made. Crucially, no suspicion or guesswork should be released outside the key stakeholder group. Once you are ready to release information outside the company, do so only via a named spokesperson.
- In the case of a personal data breach, start with the data subject risk analysis: will this breach cause detriment to the data subjects? Then verify and check all available evidence and any challenges to it. Evidence degrades quickly after a breach; in the author’s estimate, 20% or less of it will remain available, so the business should begin to size, scope and quantify the breach early and keep doing so on an ongoing basis.
- Senior management should be briefed only with facts and fact-based risk assessments. At the same time, the business should be prepared to notify the relevant authorities and/or data subjects in a controlled manner.
- Regulatory bodies will judge a business on how the breach is managed, not on the breach itself. Register the issue with the authorities if required, for example if the risks are very high. The initial focus must be firmly on gaining a level of control, confidence and containment over the breach.
Ultimately, businesses should reach out for professional assistance if needed. Work on containing the breach to make eradication easier.
If you’d like more support, or to find out more about the measures you can take to protect your business, get in touch.
Contact us today for a free security GAP analysis assessment.