What types of data breaches are there?

Data breaches can come in the form of:

  • A cyber-attack
  • A lone hacker
  • Phishing
  • Ransomware
  • Employee negligence
  • Physical theft

The data you hold that could be breached includes any sensitive or confidential information you possess; mainly documents and contacts. As a victim of a data breach, this data could simply be viewed, or it could be copied and/or shared, potentially leading to fraudulent activity. The attacker may even hold you to ransom and demand payment for the return of the data – failure to comply could result in your data being destroyed.

What is a reportable data breach?

All types of data breaches should be reported within your company and externally to those affected parties, as above. When it comes to the media, there is, of course, a very real possibility that they will pick up on the fact this has happened. We can help you prepare for handling the press and protect your reputation by drafting appropriate statements and quotes to make sure you appear in control of the situation. For more information, visit our data breach page.

What should a company do after a data breach?

Once you discover your data has been breached, there are several actions you need to take immediately:

  • Contact your IT providers, security and forensic experts to establish how the breach has occurred and they can work to fix the problem.
  • Notify all the relevant parties that have been affected including customers. This is critical. Failure to do this could result in penalties, fines and loss of business.
  • Once the problem is resolved, contact all parties again with an update, apologise for any inconvenience caused and reassure them that you have taken steps to prevent anything like this happening in future.
  • Hold a review meeting with your internal team, IT suppliers and communications agency to agree on a plan of action for any future attacks. Plan for all possible scenarios; assign clear instructions and actions for each team member, and have prepared statements and communications ready to issue to avoid delays and reputational damage.

It’s important to remain calm when working to resolve the issue – acting on emotions will only slow things down. Your IT providers will help with all of the technical issues, while we can help with all aspects of communications to keep affected parties up to date and ensure they feel confident doing business with you in future. For more information about how we can help with communications, please refer to our data breach page.

How do data breaches happen?

Any business or individual that holds sensitive or confidential information can fall victim to a data breach. As explained, data breaches can happen in various ways, from an employee accidentally allowing a hacker in with the click of a button, to phishing, to physical theft.

How can my company avoid a data breach?

There are a few simple actions you can take to help avoid a data breach:

  • Make sure your employees can identify a spam email and that they know not to open any attachments or click any links that they are not sure about. So often these are the causes of data breaches, with phishing emails becoming more and more sophisticated.
  • Passwords should be changed regularly and should not be easy to guess – a mixture of upper and lower case letters, combined with symbols is best. Also, they should not be shared with anybody else.
  • Keep sensitive data limited to a need-to-know basis. The fewer people that have access to such information, the less likely it is to be accidentally, or purposefully, leaked.
  • Ensure you have anti-virus software installed to protect your systems from potential hackers.

My business was facing a torrent of unfair criticism on Facebook.  It stemmed from one negative post by an ex-employee and escalated like wild fire. Your level-headed, practical advice helped get the negative comments removed.  Thank you from the bottom of my heart.

I thought the problem would go away if I ignored it. It didn’t. I was reluctant to use you but can honestly say, your support and advice helped pull me back from the brink. Your patience, clarity of thought and advice were just what I needed to get me through the emotional roller coaster.

One of my co-directors was found guilty of drink driving.  I was concerned that if it got out, we’d suffer from negative press and loss of business.  As it happened, there was no backlash but being able to contact you and have some pre-prepared statements and letters ready was reassuring.

Your calm and steady approach was everything I needed when my business was being unfairly criticised in the national press. You stopped me from responding in haste, which I realise now, was the worst thing I could have done! Thank you, thank you, thank you.