What To Do in the Event of a Cyber Security Breach
What are the implications of a cyber security breach?
Whether you are a small or large business, you are vulnerable to a security breach. In fact, 39% of businesses experienced a security breach last year. Apart from the financial costs of a security breach, businesses must also contend with reputational damage. Despite the average cost of a data breach being £2.4m, over 70% of businesses surprisingly do not have a cyber security response plan in place.
What should I do if I discover a cyber security breach?
Once you are aware of the breach, ideally you should contact your crisis response team. This team will have already formulated a plan and response to a cyber threat and know what to do. It should consist of members of your IT Support, HR, PR and Marketing, Senior Leadership and Data Protection teams. The members of your crisis response team will each know their responsibilities, who to talk to and what messages will need to be communicated.
If your employees were not the ones to spot the breach, you will likely need to let them know that something has happened, because any efforts to contain the breach will affect their work. They should also be given the opportunity to ask questions or bring up any suspicious activity they have noticed that might be related to the breach.
Not all businesses will have an in-house response team. Many small companies will have one person who has several responsibilities such as IT, Marketing and HR. In this case, put your IT hat on first and aim to identify and contain the breach. If the breach is still in progress, you can call the Action Fraud helpline for live help.
How do you contain a cyber security breach?
It is important to contain the breach without deleting information about it. Identifying the origin of the breach will help you with containment. For example, has someone fallen for a phishing or whaling scam? This will likely mean your passwords are compromised. If someone has downloaded malware, then your devices and networks will need to be checked.
One of the first things you should do is disconnect your business from the internet. Isolate your company data from the affected network by removing any remote access. If you’re able to, re-route network traffic elsewhere. Make records of your findings as you go. If you need an investigation team, they will look at this forensic information for answers.
Next you will need to change your passwords. If there is any doubt that your device has been compromised, use an alternative ‘clean’ computer to reset any passwords if you can. We recommend using a secure password that is at least 12 characters in length, as highlighted in the image below. You should keep a record of what the passwords were at the time of the breach. This could help with your cyber security insurance policy but also highlight if weak passwords were part of the breach. Be careful that any passwords you change cannot still be compromised by the cyber attacker.
Reporting a cyber security breach
It can take days, weeks and even months for a security breach to be noticed. On average, it can lie undetected for 175 days before being picked up. Once you are aware of the breach, however, you must act quickly.
The ICO, Action Fraud and the National Cyber Security Centre (NCSC) are important places to report a cyber security incident to. The NCSC tend to concentrate on severe incidents, such as ones on a national level. The ICO enforce GDPR and NIS regulations and require incidents to be reported within 72 hours. You will also need to notify your insurance providers of the incident. If you do not have cyber security insurance, read our guide on what it is for.
Before you notify the public or your clients of the issue, your PR and Marketing teams should have a full understanding of what has happened, be able to communicate it effectively and be able to reassure people that the appropriate action has been taken. If you’re a small business, the same goes for whoever breaks the news to your clients and customers. You should be open, transparent, and able to answer questions. If you do not know the answer to a question, or if the investigation is ongoing, it is fine to say that more updates will be given as they come. If your business will be offering compensation or help to your customers because of the breach, it is good to have details of that prepared for your announcement too.
How can I prepare for a cyber security breach?
If your business does not have any kind of plan or response team already in place, putting one together is an important first step in contingency planning. Response times and outcomes will be significantly better if your business is able to spring into action quickly when a breach is detected. Having accredited and experienced IT support protecting your business will give you access to disaster response planning, reporting, and recovering after a cyber security breach. Learn more about cyber security in our ultimate guide or talk to us about how we deliver holistic, proactive and effective cyber security.