Data Breach Response: Are You Prepared?

Many businesses have experienced a data breach. Whether it’s personal information stolen by hackers, customer information stolen by insiders, or information  that was exposed inadvertently on the company website, it is likely that you are wondering what you should do next.

Nowadays, it is no longer a matter of if a PDPA breach will occur but when. Businesses wonder how they can handle and contain a breach when it happens. If anything, having a plan ready in the event of a possible PDPA breach cannot be overstated.

So what steps should be taken in the event that personal data has been exposed? While the answers can vary from one case to another, the following should help you prepare for a data breach and provide some basic guidance so you can make smart and sound decisions.

Securing Your Operations

When dealing with a data breach, keep the following essentials in mind:

  1. Secure your systems and make sure you fix vulnerabilities that may have caused the breach. What’s worse than a data breach? Multiple data breaches! Ensure you take the essential steps so no further breaches occur.
  2. Secure the physical areas that may be related to the breach. The exact steps you will take will depend on the structure of your business and the nature of the data breach.
  3. Avoid additional data loss and breaches by mobilising your data breach response team right away. Depending on the nature and size of your company, this can include information security, legal, operations, communications, customer relations, management, and forensics.
  4. Consider hiring an independent data forensic investigator that can help you assess the scope and source of the breach. They can capture forensic images of the systems affected, analyse and collect evidence, and provide remediation steps.
  5. Work with a legal counsel. You may also consider hiring external legal counsels that are experts in privacy and data security. They can provide guidance on the state and federal laws that may be implicated by a breach.
  6. Stop additional data losses by taking all the affected equipment offline immediately. However, don’t turn off any machines until the forensic experts have arrived. Monitor all the entry and exit points especially those that are involved in the breach.
  7. Update passwords and credentials of authorised users. If a hacker has stolen the credentials, the system will stay vulnerable until they are changed.
  8. Interview the people who have discovered the breach and talk to anyone else who has information and knowledge about the breach. If you have a customer service center, ensure your staff knows where information that can aid the investigation should be forwarded. Make sure to document your investigation.
  9. If service providers are involved, examine the personal information they can access and figure out if you need to change the privileges. You need to also ensure service providers are taking the needed steps to ensure no other breach will occur.
  10. In the event of a breach, check your network segmentation. Work with the forensic experts to check if certain measures like encryption were enabled when the breach occurred. Also, determine who has access, whether that access is needed and restrict access if otherwise.
  11. Create a comprehensive plan that reaches everyone involved—customers, employees, business partners, investors, and stakeholders. Avoid making any misleading statements about the breach. Also, don’t withhold important details that can help consumers protect themselves and their information. Refrain from publicly sharing information that can put consumers at further risk.
  12. It is also recommended that you anticipate possible questions people will ask. Put plain language and top tier answers on your website where people can find them easily. Good communication upfront can minimise the customers’ frustrations and concerns and can save your company time and money in the long run.