The Importance Of A Data Breach Response Plan

Data breaches are easily one of the most catastrophic things that can happen to any business. In some cases, this is a nightmare scenario that can cause harm for years to come. When your customers give you their personal information, they do so with the understanding that you will keep it safe. When you fail to do so, you have failed in one of your most basic obligations to the customer.

We are speaking in terms of business because this problem is far more likely to affect businesses. However, we will also cover private data breaches and talk about what you can do in response to them. Entire volumes could be written about ways to prevent data breaches, but for this article, we will assume that it’s already happened. And so, the question becomes: How do you deal with this problem?

Pointer #1: Be Honest From The Very Start

We decided to cover this issue first because so many companies get themselves in hot water by forgetting this rule. Contrary to popular belief, dishonest practices do not always help you to get ahead, and can even bring you down if they are exposed. Of course, we understand that there is a huge temptation to conceal this information from the public.

As an example, we might point to the huge Uber hack of 2015. The personal data of millions of drivers was compromised, resulting in massive data theft, which ranks as one of the worst on record. Customer data was also compromised, resulting in the personal data of 57 million people being lost. This situation was already bad, but Uber made it ten times worse by hiding the incident from the public for over a year.

Getting hacked is kind of embarrassing, especially for a large business. However, you will only make things harder on yourself by covering up the incident. Yes, you are going to lose face, but that’s going to happen no matter what. Your best bet is to minimize the potential damage to your company’s reputation with an honest admission.

Pointer #2: Go Dark Until The Problem Is Fixed

As long as you remain connected to the internet with a compromised device, anything you do to correct the problem might make things even worse. For instance, let’s say you start changing all your passwords. That’s a good idea, but what if the hacker is monitoring your activity? They might even be able to use a keylogger to capture your new passwords, turning your efforts into a complete waste of time.

That’s why you should always begin by disconnecting yourself from the internet. When we say this, we are talking about a total disconnect. This includes mobile devices as well, so make sure everyone in the vicinity takes out their phones and disconnects from the compromised network.

Some people might say that this advice is bad because it doesn’t actually fix the problem. While going dark will not fix the problem, it will remove the ability of the attacker to do any further damage. By doing this, you can buy the time you need to figure out your next move. This next move should be determined in accordance with the best advice you can get from the most qualified IT professionals you can afford.

Pointer #3: Beware The Possibility Of An Inside Job

When a large-scale data breach happens, the first instinct is to imagine some shadowy criminal hacker sitting behind a grungy laptop in a black ski mask. Obviously, this image is not particularly accurate. While those kinds of people do exist, a lot of data breaches have turned out to be inside jobs. That is to say, they have turned out to be the work of a company insider.

First of all, corporate espionage is a thing. You might sound a little paranoid when talking about this stuff, but there are many companies and individuals that offer corporate espionage services. In many cases, rival companies can carry out these actions without technically breaking the law. Now, ask yourself this question: If you were some kind of corporate espionage professional, what would be easier: Gaining access from outside, or gaining access from within the targeted company?

Of course, corporate spies aren’t the only potential threat. Disgruntled employees have sometimes been known to do all sorts of things before (or after) leaving your company. In these cases, they might not even try to get any money or profit from the theft of all that data. They might simply be trying to embarrass the company, hurt their business, and thus get some revenge for whatever has angered them.

For this reason, you should cut off all employee access to the company network upon finding evidence of a data breach. If the job has been done from within, the hacker will be there when you tell your employees about the incident (which must be done). They will then have an opportunity to “cover their tracks” by removing all the digital evidence. At this point, your whole system is a crime scene, so keep all unauthorized persons away!

Pointer #4: Do A Comprehensive Search

If you have suffered a data breach, you need to determine the method by which it occurred. Not only will this help the authorities to identify the perpetrator, but it will also help you to close that gap in your security so that it cannot be exploited again. Obviously, this step should be undertaken in consultation with the most reliable IT professionals that you can find.

The first thing that should be done is a full scan for malware. This can be done with antivirus software, but a professional can check a little more deeply than a computer program. Still, good security software can save your IT people a lot of time by identifying the majority of the issues.

Malware is not the only way in which you can be hacked. Sometimes, hackers will insert malicious code into browsers or other programs. This kind of thing is much more difficult to find, so don’t expect it to be easy. Of course, you can narrow it down a little bit by focusing on the apps that are used the most. If someone is using a program or app as their attack vector, they will probably choose the most frequently used program. Thus, the most frequently used program is the first place you should look.

What About Ransomware?

Ransomware is another hacking method, and it’s easily one of the worst. Instead of using encryption to lock out intruders, ransomware uses encryption to lock out legitimate users. This kind of thing is usually preceded by a phishing attack so that the attackers can get the necessary authorization to install the ransomware program. Once they have taken control of the system and encrypted it, there will be no way to regain access without meeting their demands. Of course, you should have your important data backed up in hard-copy form, but that won’t stop a hacker from releasing all that stolen data. Even if you don’t lose the data, the damage to your company’s reputation will still be done.


If you have been targeted by a ransomware attack, there isn’t much that you can do except call the authorities. With any luck, they will be able to trace the actions of the hacker, as they have resources that even the most skillful hacker does not. Alternatively, you can try to hack the attackers right back! When you receive their demands, pretend to submit. Make them think that they are in control, and that they have you right where they want you. Then, in the process of meeting their demands, get them to click on a link or perform some other action that will allow you to capture their data.

If you want to use these kinds of counterattacks, you will definitely need to find someone with exceptional skills in this department. This isn’t as hard as it sounds, as there are “white hat” hackers who use their knowledge to defeat criminal hackers. Chances are, the attacker will not expect a counterattack. However, should the counterattack fail, you can expect that the hackers will be very angry indeed.

Private Hacking Incidents

As we said before, this article is mostly focused on the dangers of data breaches as they relate to businesses. A private individual has a lot less valuable data to steal, and also a lot less money. The bottom line is that private citizens are less likely to have their data stolen, mostly because hackers know there isn’t nearly as much to be gained from their efforts. Still, there will always be a few “fiddling Bens” here and there.

To explain that rather obscure term, a “fiddling Ben” is the kind of thief that will steal anything from anyone. They don’t bother going after high-value targets, preferring instead to focus on the easy targets. In general, privately-owned home computers and networks are far easier targets than a large corporation.

If you have suffered a data breach, the first thing you should do is disconnect yourself from the internet entirely. Turn off the router, unplug all the cables from the back, and activate airplane mode on your device. This will cut you off from any further intrusions, as even the best hacker cannot hack a person who is offline.

Next, you will need to assess the damage. Try to determine what has been affected and how it has been affected. If you don’t know much about this kind of thing, you might need to hire the services of an IT professional. Do not reconnect to the internet with that device until you have the information you need.

If possible, you should use a public network to do the next step. Go to a library, internet cafe, or some other place with free Wi-Fi. Don’t bring your device from home! Instead, use one of the publicly available computers. Now, you will need to create a new email address. Make sure you use a strong password, or this one will be hacked as well. Now, you can go about changing all of your important passwords: social media accounts, online banking accounts, etc. Anything important should be re-registered to the new email address with a new and stronger password.

As you can see, all of these measures are preventative measures. Once your data has been stolen, there isn’t much you can do about that. However, you can certainly take measures to keep yourself from being hacked again.


While this situation will never be an easy one, it can be made much easier with the adoption of a comprehensive plan. Even if you aren’t able to mitigate the damage altogether, you can at least lessen the damage. We hope that you are able to use this information to bring your affairs back to normal in the quickest way possible.