Even with the best precautions in place, a data security breach can still happen. After all, some of the biggest corporations in the world have suffered data breaches, and you’d have to assume their security is almost fail-safe. Hacked networks, lost or stolen devices, and human error can all contribute to a security breach.
What do you if you find your security has been compromised?
It’s hard to do, but remaining calm will be more useful than panicking. You’ll need to think clearly and act fast to alleviate any damage, and protect your reputation and revenue.
You should already have a protocol in place in the event of a breach. An incident-response strategy should cover all relevant legislative requirements, and mandatory reporting of security incidents.
The first thing you need to do is find how and where the breach occurred, and prevent any more damage. Full security needs to be restored before you can even think of damage-control. If it’s a network breach, it needs to be contained and disabled by your IT professionals.
Once the breach has been identified and contained, you’ll need to do repairs and get your network or system back up and running to ensure the company can continue to operate as normal.
Get an overview of the extent of the damage, who and what it affects, and the severity of the breach. This is also a good time to review your security measures and protocols to ensure the breach can’t happen again, and to increase security if needed. Some good can come from data breaches by revealing the weaknesses in your security.
Depending on the size and nature of your company, it’s now mandatory for businesses subject to the Privacy Act to notify individuals when a data breach occurs. Companies making more than $3 million annually, health services, credit reporting agencies, or any company that stores and handles personal information, must notify the Office of the Australian Information Commissioner (OAIC) if they’ve suffered a major data breach. They must also notify any and all individuals who are likely to be affected.
It might seem counter-intuitive, but one of the best ways to save your reputation is to voluntarily report data breaches. If you say nothing and word gets out either now, or in the future, the repercussions from the public will be severe. Volunteering the information, and assuring customers that the issue is resolved, shows transparency and goodwill. People can be very understanding and forgiving when they realise it was an honest mistake, and you’ve done everything to ensure it won’t happen again.
No matter how your breach occurred, it’s important to dispose of unwanted documents and devices securely. In Confidence is a professional document shredding company in Melbourne that securely shreds documents and products to ensure your data remains private. Call 1300 723 187, or contact us online.