Skip to content

Do Your Employees Know What To Do In Case Of A Data Breach?

Do Your Employees Know What To Do In Case Of A Data Breach?

Data breaches are some of the most unpleasant and damaging events that a business can experience. Confidentiality is very important to most people, and nothing undermines trust like the loss of that confidentiality. Some companies have found data breaches to be so damaging that they can never fully recover their reputation.

In order to prevent this, you should be practicing good, tight internet security at all times. However, in spite of all that, it is still possible for an intruder to get through. When that happens, both you and your organization need to have a comprehensive response plan. This article is meant to be a guide for that response plan, so let’s get started.

Step 1: Cut Your Losses

When a data breach has occurred, the absolute worst response is to do nothing. You need to realize that your entire system is compromised, and that the damage can always get worse. It can take a long time for a hacker to download large amounts of information, especially when they are forced to use subtle methods. Thus, cutting off the internet can do a lot to mitigate the damage. You should start by completely disconnecting the internet.

Once that has been done, your next step is to assemble your best IT experts to form a response team. If you do not have the right people available, you might want to hire an outside expert or two, but make sure that they come from a credible source. The point of all this is to make sure that the situation does not become any worse. However, you should not switch any of the machines off. We will explain why in the next section.

Step 2: Investigate Thoroughly

Now that you have stopped the intruder from going any further into your system, the next step is to gather some information. Chances are, you still don’t know who hacked you, how they did it, or why. Your response team should include at least one expert in computer forensics, and they will be able to follow the trail of clues left by the attacker. That is why we told you not to turn the machines off, incidentally.

Your team will need to figure out how the breach occurred, and that usually isn’t too hard to do. Even the best hacker will leave certain traces behind, and these can be found by someone who knows where to look. The most important thing is to find out how they got into the network in the first place.

Phishing emails are probably the most common way for a hacker to get their foot in the door, but there are plenty of other possibilities. malicious scripts hidden in a browser can also be an attack vector, as can numerous other things. Once your forensic team knows how the attacker got in, they can probably figure out what the attacker did after that.

You will also need to gauge the level of damage done by the intruder. These attacks often involve the posting of confidential data to the open web, so you definitely need to find out if your info has been published anywhere. If so, you might not be able to do anything to have it removed. There are laws against these things, but hackers will often use “dark web” sites that are nearly impossible to trace.

Step 3: Notify All Appropriate Persons And Agencies

When something like this happens, it is very important to safeguard yourself from a legal perspective. If the personal data of your customers or associates has been compromised, you could be held legally liable for failing to protect that data. Of course, it may not be your fault at all, but the law may not recognize that fact. No matter how embarassing it might be, you need to be honest and immediately disclose these incidents to the public, and to all appropriate authorities.

For an example of how not to handle a data breach, we might mention the Uber hack of 2014/2016. When their system was compromised, hackers obtained the personal details of roughly 50,000 Uber drivers. Thankfully, no customer info was compromised (at least, as far as we know). At this point, they could have avoided a lot of trouble by being honest, but they chose to hide the breach. When an even larger breach happened in 2016, Uber was still being investigated by the FTC for the 2014 incident.

The 2016 incident was much bigger, exposing millions of records. Instead of being honest, they again decided to try and hush the matter. They used an existing “bug bounty” program to quietly pay the hackers a huge ransom, but the FTC eventually caught them. Now, their former CEO is facing felony charges, which illustrates one important point for you to remember: Concealing a data breach is a crime, and might very well be a felony. You need to notify:

  • The police
  • The FBI
  • The Federal Trade Commission

Step 4: Employ Some Physical Security

Although it isn’t always the case, there are many times in which a hacking attack turns out to be an inside job. For example, consider the case of Jiaqiang Xu, A Chinese national who stole code from IBM. He then used that code to make his own knock-off software, which was sold to various customers under false pretenses.

We could give numerous other examples of insider hacking and/or data theft, but we think you get the idea. If someone wants to steal information from you, infiltration is the surest and most time-honored way to do so. The worst part is that you usually never know if you are dealing with a “mole” or not.

The best way to prevent insider theft is with good physical security. For one thing, you want any computers containing sensitive data to be fully encrypted. When we say that, we mean full-disk encryption, not just the creation of an encrypted container. On that subject, we should talk about the boot sector.

It is not possible to encrypt a boot sector, as that would render any computer unable to start. This might seem like an unpatchable weak point in your armor, but it is not. You can choose to put the boot sector on an external hard disk, and you don’t need a very large one. A basic thumb drive should be enough to fit this partition, and can be removed and taken with you. Thus, the computer will be impossible to boot without that flash drive.

You can also secure the rooms in which sensitive equipment is kept. You might use combination locks on the doors, bars on the windows, and camera surveillance on all entrances and exits. This will ensure that only authorized persons are able to access sensitive data. For cases where extreme measures are needed, you might even consider some form of biometric identification.

Step 5: Close The Vulnerabilities

At this point, you should know how the system was compromised. If not, you need to go back to step 2 and do some more digging. Once you have identified the vulnerability that the hacker used, you can set about closing that loophole. Obviously, your exact actions will depend on the nature of the breach.

First of all, you might want to consider switching ISP’s. Even if your system is sufficiently hardened, your ISP might not be. Thus, the hacker can circumvent your security by taking control of the server owned by your ISP. The fact is that normal ISP’s just aren’t usually equipped to handle a serious attacker. That’s why you might want to consider employing the services of a managed service provider (MSP).

Another good thing to consider is system segmentation. This approach might also be called “compartmentalization,” and the name says it all. When you divide your network or computer system into several parts, with each one able to operate independently, it is much harder for an attacker to make any headway.

Of course, this segmented approach can only work if it is done correctly. Each section must be totally self-sufficient, or else the hacker will be able to use one as a “gateway” to the other. Each section must also be encrypted, and we would recommend 256-bit AES encryption for maximum security. Thus, each layer of encryption represents another fortified gate through which the hacker will have to break. Due to the large amount of time that it can take to break through a series of sophisticated encryptions, this approach can often defeat the most determined hackers.

Obviously, you need to change any passwords that have been compromised. That part goes without saying, but you shouldn’t stop there. You should go ahead and change every important password that you have. When it comes down to it, you don’t always know what the attacker saw and what they didn’t see. There are ways to tell, but those ways are not always 100% sure. Thus, it’s better to err on the side of caution and change all your usernames, passwords, and other login credentials.

Multi-factor authentication is another thing to consider. Although it isn’t a perfect way to defeat cyber-attackers, it is definitely helpful. Faking one type of authentication is pretty easy, but faking multiple methods would take a little more expertise, and a lot of amateur hackers don’t have that. The idea is to make things as difficult for an intruder as possible. The hope is that this will defeat their efforts, or at least frustrate them enough to make them choose another target.

Use Your Backups If Necessary

When a data breach occurs, at least some of your data is bound to be missing. This is especially the case if you are talking about a ransomware attack, in which hackers lock your entire system and charge you a hefty price to regain access. Even if more traditional methods are used, a good hacker will try to delete every trace of their coming or going.

All of this adds up to one thing: Your system is severely damaged by a data breach, and you might not even be aware of the full extent. Yes, you will have already done an investigation at this point, but those don’t always uncover everything. That’s why you should be making regular backups and storing them off-site. Most MSP’s will offer cloud-based backup that can allow you to recover much more quickly.

Of course, it should be noted that backup restoration is not enough. Obviously, your system had a security flaw, or else the hacker probably couldn’t have breached it in the first place. Thus, any backups you choose to utilize will have to be updated. It’s also a good idea to do the deepest possible search for malware, because you never really know how long it has been there.


When you look at the massive damage that some companies have suffered as a result of high-profile data breaches, it is easy to feel a little scared. However, this situation doesn’t have to be a company-ending disaster. Instead of running around like a chicken with its head cut off, you can take a calm and composed approach. Ultimately, this will result in less damage and a faster recovery for your company.

Whether you need superior security, disaster recovery services, or small business computer support, PCH Technologies can help. Although the steps listed here can be helpful to anyone, it will take serious expertise to use them to the fullest. We can offer that serious expertise and help you to get your business back on track quickly. To learn more, call (856) 754-7500 today.