July 12, 2018

What To Do After A Data Breach: A Step-By-Step Guide

In Singapore, the collection, use and safeguarding of personal information are regulated under the Personal Data Protection Act and enforced by the Personal Data Protection Commission (PDPC). The PDPC does not only issue guidance: it also investigates breaches and fines organisations that fall short of their obligations.

Preventing a data breach is critical, but it is just as important to know what to do after one. A prepared, well-sequenced response minimises the damage, both financial and reputational, and is the only way to regain the trust of your customers if a breach does happen to you.

1)    Address the Breach Directly

The first thing you should do is stop the leak. Contain the incident so no more data can be taken (for example by disabling compromised accounts or isolating affected systems), and preserve the relevant logs and evidence before you start rebuilding or wiping anything, because you will need them to work out what happened. Then identify and fix the flaw in your security that allowed the breach to occur in the first place. If it is left unresolved, the same weakness can be exploited again and the breach can escalate into something far more damaging to your organisation. It is always best to take an unflinching look at what went wrong so that it cannot happen the same way again. A security risk assessment is normally used to find security gaps before a breach, but the same exercise can also show you which flaws may have led to a breach after the fact.

2)    Notify the Proper Authorities

You will also need to acknowledge that a breach took place. In many jurisdictions and industries it is a legal requirement to report a data breach to the relevant authority and, in some cases, to the affected individuals as well. Many of these regimes set a notification deadline that starts running from the moment you become aware of the breach, so find out which requirements apply to your organisation before an incident, not during one. If the fault lies with the company, take responsibility for it. Treat it as a learning experience: explain to the public how the breach took place, what steps you are taking to make sure it does not happen again, and how you are helping affected parties deal with the consequences. Although initially painful, transparency is the first step in regaining the trust of your customers and rebuilding your company's reputation.

3)    Assess Your Losses

Once the breach has been contained and its cause addressed, determine what damage was done to you and to your clients. What type of information was taken? How long was the weakness exploited before it was discovered? How many people are affected, and who exactly are they? Answering these questions depends on having access logs and records to work from, which is one reason to preserve them during containment and to keep them for long enough in the first place. It is your job to have a full and accurate picture of the cause and consequences of the breach so that you can begin addressing the damage done.

4)    Learn From the Data Breach

Now that you have discovered where and how the data breach occurred, the last thing you and your organisation should do is get comfortable and assume it will never happen again. If you do not learn from your mistakes, the chances of another data breach are high. This is particularly true because a significant portion of data breaches are not deliberate attacks at all but the result of mistakes and carelessness in everyday handling of information. Reviewing information security policies and processes regularly, and checking that they are actually followed, goes a long way towards preventing future breaches.

5)    Train Your Employees

Your employees are your first line of defence when it comes to spotting a data breach. They are also, whether intentionally or through inattention or carelessness, often the cause of one. Either way they have a huge part to play in the chain of security. Training your employees in the proper protocols and rules for handling sensitive information, and teaching them the potential consequences of a data breach, will help to protect your business and your clients. It is your responsibility to make sure your employees understand the risks and know the proper way to collect, handle and ultimately dispose of sensitive and personal information.

You may think a data breach will not happen to you, but the truth is that a breach can strike any organisation, big or small, that does not take the proper steps to secure its information. Learn more about the risk, and about how a secure document destruction company can assist you in protecting your entire workplace.