
How To Handle A Data Breach In Your Company

by Mic Johnson

A data breach is a security incident that exposes protected or confidential details. In most cases, a data breach happens when an unauthorized person gets illegal access to your database and compromises sensitive information.

If a data breach happens to your company, some of its crucial information, such as financial records, will be accessible to unauthorized people, and this could bankrupt your company.

Regardless of your company’s size, it’s worth understanding how a data breach happens and how you can manage it if it occurs.

How Does a Data Breach Occur?

Some of the most common causes of a data breach include:

i. Weak Passwords

Using weak passwords makes it possible for hackers and malware to gain illegal access to your company’s protected network.

ii. Human Error

Human error, for instance theft or loss of paperwork, use of unencrypted hardware devices, or sending sensitive and confidential data via fax or email to the wrong recipients, can facilitate a data breach.

iii. Unfixed Outdated System Vulnerabilities

If your organization is relying on outdated software, it will be easier for cybercriminals to attack your network using malware.

iv. Malware

Hackers are now using phishing tactics to lure individuals into installing malware via emails. Likewise, cybercrooks can capture your sensitive details when you are connected to public wireless networks. Most hackers are now using modified malware that is undetectable by whatever antivirus program you use.

v. Insiders & privilege misuse

Sometimes a company insider may decide to steal sensitive information and benefit from it in one way or another, for example by selling it or using it to start and run their own company.

How to Handle A Data Breach if It Has Already Happened to Your Company

1. Stop the Breach Immediately

As soon as you notice that a data breach has occurred, it’s essential to stop it immediately. How a company should contain the data breach primarily depends on the specific attack or the systems affected. You should begin by isolating any systems that you think have been illegally accessed by the attackers – this will help prevent the data breach from spreading to other systems. Disconnect users’ accounts or shut down specific departments that you think are the most targeted. If you have an elaborate security system containing several layers, identifying and isolating the attacks will be quick and efficient.

Once you have contained the attacks successfully, eliminate the threat(s) to avoid further damage. Again, keep in mind that the eradication approach you adopt will depend on the specific type of attack; you could reformat all the affected assets and restore them, or consider blacklisting the IP addresses from which the threats originated.

2. Assess The Damages

After the attacks have been completely stopped and eradicated, it’s the right time to investigate them and evaluate the damage they may have caused to your company.

Investigate how the attacks happened, as this will help you formulate viable strategies to prevent similar attacks in the future. Likewise, you must investigate the attacked system to ensure all the malware has been removed.

When doing the assessment, try to answer questions such as:

– What sort of data was breached?

– How sensitive was the breached data?

– Can the breached data be restored?

– Was the breached data encrypted?

– What was the attackers’ vector? Etc.

3. Engage Those Affected

Once you have assessed the data breach, you should identify all the affected individuals. Speak to them about the data breach and accept it as your company’s fault – this will help to retain your business reputation and avoid instances of being sued at an employment law firm.

Whereas you don’t have to disclose all the dirty details regarding the data breach, you should at least let them know:

  • The type of data that was breached
  • The sort of data breach that took place
  • The number of affected records
  • What they can do to help you prevent such occurrences in the future and
  • The measures you are putting in place to ensure such an event won’t happen to your company again.

4. Security Audit

After you have recovered from the data breach, it’s advisable to perform a security audit to confirm that your company’s current security systems are fully functional. Security system audits should be done regularly – you don’t have to wait for a data breach to occur so that you can audit them.

Examine networks and server systems, rDNS records, open ports, IP blocks, and certificates of your company – this will help you identify your sensitive data that may be exposed online.
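One way to run the checks listed above over your own asset inventory, as an added example that is not part of the original article. The IP block, hostnames and scan observations are constructed sample data, and `audit` is a hypothetical helper name.

```python
import ipaddress
from datetime import date, datetime, timedelta

# Constructed baseline: what the company believes it exposes (assumed values).
COMPANY_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]
EXPECTED = {
    "203.0.113.10": {"ports": {443}, "rdns": "www.example.com"},
    "203.0.113.20": {"ports": {25, 443}, "rdns": "mail.example.com"},
}

# Constructed observations, standing in for the results of a port scan,
# rDNS lookups and TLS certificate retrieval against your own assets.
OBSERVED = [
    {"ip": "203.0.113.10", "ports": {443, 3306}, "rdns": "www.example.com",
     "cert_not_after": "2030-01-01"},
    {"ip": "203.0.113.20", "ports": {25, 443}, "rdns": "old-mail.example.com",
     "cert_not_after": "2024-01-10"},
    {"ip": "198.51.100.7", "ports": {22}, "rdns": None, "cert_not_after": None},
]

def audit(observed, expected, blocks, today, warn_days=30):
    """Return (ip, finding) tuples, in input order, for one audit pass."""
    findings = []
    for host in observed:
        ip = host["ip"]
        if not any(ipaddress.ip_address(ip) in net for net in blocks):
            findings.append((ip, "address outside company IP blocks"))
        base = expected.get(ip)
        if base is None:
            findings.append((ip, "host not in asset inventory"))
            base = {"ports": set(), "rdns": None}
        # Any port open in reality but absent from the baseline is exposure.
        for port in sorted(host["ports"] - base["ports"]):
            findings.append((ip, f"unexpected open port {port}"))
        if base["rdns"] and host["rdns"] != base["rdns"]:
            findings.append((ip, f"rDNS mismatch: {host['rdns']}"))
        if host["cert_not_after"]:
            expires = datetime.strptime(host["cert_not_after"], "%Y-%m-%d").date()
            if expires < today:
                findings.append((ip, "certificate expired"))
            elif expires <= today + timedelta(days=warn_days):
                findings.append((ip, "certificate expires soon"))
    return findings

if __name__ == "__main__":
    for ip, finding in audit(OBSERVED, EXPECTED, COMPANY_BLOCKS, date(2024, 1, 1)):
        print(f"{ip}: {finding}")
```

Each finding is a difference between what the inventory says should be exposed and what is actually reachable, which is the gap a regular audit is meant to surface.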

5. Come Up With A Viable Recovery Plan That You Will Use to Combat Future Attacks

Now that you have suffered from the attack and experienced the magnitude of the damage, the importance of getting ready for future attacks cannot be stressed enough. If the hacker was successful in the first attempt, there is a likelihood that the same (or a different) attacker will try to hit you again in the future (using the same or different attack tactics).

In an attempt to discover new recovery plans, you may have to:

– Introduce new security policies

– Train your employees

– Strengthen passwords

– Fortify your firewall, etc.


Data breaches can have considerable financial and reputational consequences when they occur. Thus, there is a need to consider managing your company’s data carefully. Do not wait until you fall victim; rather, adopt the right measures to safeguard your company’s sensitive details.

