My organisation has been breached! Now what?

 In Blog Post, News and Trends, Security Updates

Has your business experienced a data breach yet? We all know it’s important to commit resources to preventing a breach, however it’s equally as important to know what to do after a breach occurs.

Whilst a data breach can strike fear into business owners, CEOs, and Executive Directors, the key to keeping disaster at a minimum is moving concisely and deliberately. You don’t want to rush your response, but equally you should not delay, and having a plan in place for this particular threat will help speed your recovery.

Here is a step-by-step guide to help your organisation resume normal activities after a cyber security issue.

1. Determine what was accessed, what was stolen, and how it occurred.
Take a deep breath, slow down, and determine to thoroughly look into what happened. You need to work out what data was compromised, and identify areas of weakness in your organisation to make necessary changes and prevent it recurring. If you have an action plan, even better. Follow your agreed action plan.

2. Be upfront with customers. As embarrassing as it may be, your customers deserve to know, and they deserve to know as soon as you are clear on the details. Don’t rush to advise customers until you have all the details, but equally do not overly delay on this. There’s nothing worse for PR than a data breach notification sent to clients many weeks or months after it occurred. Or better still, their notification being delivered via the evening News!

3. Improve security, and offer greater protection for your customers. Move quickly with this. If you want to prevent the breach from recurring, you will need to establish increased security. Multi-factor authentication is a great place to start, as it will enhance security stopping the intruders coming straight through the front door. It’s also a good way to win back trust. Additionally you will need to train staff. This should be part of your ongoing Security Strategy (prior to an event). In a perfect world this would be part of your Corporate Security policy implement. But also keep in mind the majority of data breaches are a result of mistakes by employees.

4. Contact any relevant data breach notification bodies in your area/country/jurisdiction. Depending on where your organisation is located and whom you do business with, you will most likely need to refer to one or more official bodies. They can then advise you of any further steps and legal obligations.


To find out more about our world’s best multi-factor authentication solution visit:


Recommended Posts

Start typing and press Enter to search