
How to Handle Data Breaches (Post GDPR)

Will Ellis

The General Data Protection Regulation provides a framework for how organizations should collect and maintain data of individuals who choose to provide it.

Many of the regulations related to the GDPR are designed to ensure that data is properly protected and only accessed by authorized parties.

The continuing rise in incidents of data breaches partly gave rise to GDPR. For example, the UK saw a tenfold increase in data breaches in the period between 2007 and 2012.

While the GDPR has only been around in theory since 2016, and only enforced since 2018, cybercriminals haven’t yet been dissuaded by the regulations. In fact, they are busier than ever, with nearly 59,000 data breach reports reported to European data protection authorities in just the first eight months after GDPR took effect.

Along with making sure your protections are up to date, it’s also essential to know what to do in the event of a breach and what consequences might result if you don’t react properly. Consider each of these stages and relate them to your approach to protecting proprietary data and your enterprise. 



Identifying a Data Breach

One of the things you should realize about a data breach is that it’s not always immediately detectable. In fact, it may take some time to discover that a breach has taken place. According to the Ponemon Institute’s 2017 Cost of Data Breach Study, it takes an average of 191 days for a breach to be discovered. While that may not seem like much in comparison to Yahoo’s breach that lasted for two years, it’s more than enough time to do a lot of damage. 

There are things you can do to improve the odds of detecting a breach early on. Keeping your security software up to date is one. New threats are regularly discovered, both by enterprise security teams and by bug bounty hunters, and your software must be upgraded frequently to address those threats. Even if the software doesn’t stop an attack, having it alert your team that something has happened makes it easier to take swift action.

There should be processes in place for handling suspicious emails, investigating network-connected devices that suddenly slow down, and ways for your team to report anything that seems “off.” Little things may appear to be nothing more than a momentary system glitch, or they could be signs that something has breached the network. 


Assessment and Investigation

Once a breach is detected, it’s time to evaluate the nature of the problem and what allowed it to take place. This often means finding vulnerabilities in the system that you never recognized before.

In fact, it may be something that was not considered a vulnerability a few months ago: malware developed since then may have identified a weak point and made it exploitable.

The investigation will address what took place, how it occurred, and what impact the breach will have on operations. The data you collect can be used to deal with the problem and hopefully contain it sooner rather than later.


Sealing the Breach

After answering the what, when, and how of the data breach, you are in a better position to stop it. Part of the process involves following the escalation list for data breaches you hopefully already have in place. This effectively cuts off access to data and prevents further collection. 

At the same time, your response procedures should take steps to strengthen your network against the common forms of attack. In the past five years, the most common forms of vulnerabilities for SMEs have been SQL injections, Cross-Site Scripting, and DDoS (denial of service) attacks.

Your particular vulnerable points might differ from another network’s, but the types of attack are often known and preventable, with the right security in place. Figure out what specific type of threat you’re dealing with and make sure you’re ready for it when it comes back, as it probably will.
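As an added example (not code from the original article), the following Python shows what "strengthening against the common forms of attack" looks like at the code level for two of the attack types named above, SQL injection and Cross-Site Scripting: each vulnerable function sits beside its hardened counterpart. The customer table, column names and the sample rows are constructed for the demonstration and are not from the article.

```python
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite table with constructed sample customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, plan) VALUES (?, ?)",
        [
            ("alice@example.com", "pro"),   # constructed sample data
            ("bob@example.com", "free"),
            ("carol@example.com", "pro"),
        ],
    )
    return conn


def find_customer_unsafe(conn: sqlite3.Connection, email: str) -> list[str]:
    # VULNERABLE: the user-supplied value is spliced into the SQL text, so a
    # quote character in the input changes the query's structure instead of
    # being treated as data. A single crafted value can match every row.
    query = f"SELECT email FROM customers WHERE email = '{email}' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def find_customer_safe(conn: sqlite3.Connection, email: str) -> list[str]:
    # HARDENED: a parameterized query. The driver binds the value separately
    # from the statement, so whatever the input contains, it is only ever
    # compared against the email column and can never alter the query.
    query = "SELECT email FROM customers WHERE email = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (email,))]


def render_greeting_unsafe(name: str) -> str:
    # VULNERABLE: user input is reflected into HTML without escaping, so any
    # markup in the name is interpreted by the browser (reflected XSS).
    return f"<p>Welcome back, {name}</p>"


def render_greeting_safe(name: str) -> str:
    # HARDENED: HTML-escape the value before output so that '<', '>', '&' and
    # quotes are rendered as text rather than parsed as markup.
    return f"<p>Welcome back, {html.escape(name, quote=True)}</p>"


if __name__ == "__main__":
    db = build_db()
    probe = "' OR '1'='1"  # classic textbook injection string, used here to show the contrast
    print("unsafe lookup returns:", find_customer_unsafe(db, probe))
    print("safe lookup returns:  ", find_customer_safe(db, probe))
    print(render_greeting_unsafe("<script>"))
    print(render_greeting_safe("<script>"))
```

The point a response team should take from this is structural: the fix for both attack types is to keep data and code separate (bound parameters for SQL, output encoding for HTML) rather than to block particular input strings, which is why a review of how user input reaches queries and templates belongs in the hardening step after a breach.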


Notifications to Affected Parties

One of the “big deal” provisions within the GDPR is that entities have a short window of time for alerting individuals that their data may have been compromised or stolen.

Once you identify the breach and begin the process of evaluating and sealing it, notify any customers or partners who have provided you with sensitive data and might be affected. You have 72 hours from the time you detect the breach to start the notification process. 

Ideally, notification will offer suggestions on how the individual can protect themselves from the possible theft of the data. That includes updating usernames and passwords that may be used on multiple platforms. If you have managed to seal the breach, it helps to let people know that the collection of data has been stopped.

Evaluating and Preparing for Regulatory and Litigation Fallout

There are bound to be some repercussions associated with the data breach. Depending on how GDPR compliant you happen to be and how quickly you took the necessary steps to protect the data, they may be relatively minor in terms of fines and other regulatory measures. On the other hand, lax security could place you among the entities that end up paying hefty fines.

A data breach also leaves you open to possible litigation by individuals and others affected by the event. This could happen regardless of company size, or if you’re a non-profit organization, or even a municipality. In fact, litigation may commence within hours after the breach is announced. 

Even as your network experts isolate and repair the breach, your legal/notification team should be kept up to date on what has occurred, how severe the loss of data happens to be, and what efforts are being made to prevent more. That allows them to prepare to deal with any legal ramifications resulting from the breach. 


The Bottom Line

Data breaches are serious. Don’t assume that you can afford to let anything connected with network security slide. Invest in the latest protections and make sure they are updated on a regular basis.


Put strong monitoring procedures in place so that a threat is not left undetected for long. These proactive preventative measures, coupled with prompt action if a breach does occur, will go a long way towards protecting the organization and those who supply you with their data, and will make it easier to deal with whatever consequences arise.