2018 will be remembered as the year of high profile data breaches, with millions of personal records being compromised and everything from names and ages, to payment cards and passport details being leaked.
Whilst having the best cybersecurity protocols and provisions in place is vital, according to a report by the ICO (Information Commissioner’s Office), 88% of UK data breaches were caused by human errors over the last two years. Would you know what to do if you experienced a data breach?
In the unlucky event that a data breach occurs, there are a number of steps you should take to minimise its impact and to ensure you have done everything necessary to comply with the GDPR (General Data Protection Regulation):
- Identify the scale of the breach
This means looking at what type of data and the number of records that have been compromised. If a third party has found your customers’ information on the dark web, you are likely to know what information has been compromised, but if an employee has fallen victim to a phishing email, you’ll need to determine what access the cyber-criminal has achieved.
- Respond immediately
Once you have discovered data has been exposed, you need to isolate the areas affected as soon as possible. You then need to implement your business continuity plan to ensure that critical elements of your business continue to operate during the disruption.
- Assess if the breach needs to be reported
When the breach is under control, you need to access the damage and determine if you need to notify the ICO and affected individuals. Breaches only need to be reported to the ICO if they ‘pose a risk to the rights and freedoms of natural living persons’ and to individuals if there is a possibility of individuals facing economic or social damage due to the breach.
- Inform the ICO
If you do need to report a data breach to the ICO, you need to do so within 72 hours of becoming aware of it. You can do this by calling 0303 123 1113, Monday to Friday between 9am and 5pm. The ICO will then record the breach and give you advice for what to do next. If you need to report a breach outside these hours, you can report it online here.
- Notify individuals
If you’re required to contact affected individuals, at the very least, you need to issue a statement to everyone affected. However, if you want to maintain your relationship with your customers, it can be beneficial to set up a web page and helpline so individuals can ask questions about their data.
Worried about your data security?
If you would like to talk to us about enhancing the security of your computer systems and your business to minimise the risk of a data breach, please contact our team on 01522 883636.