What to do after a data breach

Written by Milan Vukovic | February 22, 2021

In 2020, the average cost of a data breach in Australia was $3.35 million, an increase of nine per cent from the previous year. Furthermore, it took businesses an average of 211 days to identify and contain the breach if they didn’t have security automation in place. The impact of these security breaches was far-reaching, with 80 per cent of incidents involving the exposure of customers’ personal information. The costs to an individual whose personal data has been intercepted can be devastating, with consequences ranging from financial fraud and identity theft to psychological and even physical harm. It’s crucial, therefore, that organisations do everything in their power to protect customer information.

But while most organisations understand this in theory, properly securing data is fraught with complexities, with many business leaders unsure of what to do after a data breach, or how to identify one. According to a 2019 report, 47 per cent of Australian SMEs don’t understand their obligations under the Notifiable Data Breaches scheme, while 49 per cent didn’t have a data breach response plan in place, despite the same number experiencing a cyber incident in the last year.

With cybersecurity threats increasing in the wake of the COVID-19 pandemic and large-scale shifts to hybrid work environments, it’s critical that business and IT leaders understand how to identify a data breach and what to do after a data breach occurs.

How to identify a data breach

As is evident in the 2020 IBM data breach report, detecting and containing a breach can be difficult. However, businesses with fully deployed security automation systems, including artificial intelligence (AI), machine learning and analytics, were 27 per cent faster at responding to breaches and experienced less than half the costs compared to companies without security automation.

By deploying these types of security and data breach detection tools to regularly monitor your network for signs of compromise, you can improve your organisation’s ability to quickly and effectively detect breaches. After all, if you know what your baseline traffic looks like, it becomes much easier to identify abnormal activity.

Here are a few signs that your network could potentially be compromised:

  • Presence of unknown or unauthorised IP addresses on wireless networks
  • Multiple failed login attempts in system authentication and event logs
  • Suspicious activity on the network after-hours
  • Unusual network activity
  • Unexplained system reboots or shutdowns
  • Services and applications configured to launch automatically without authorisation
  • Suspicious emails
  • Slow computer or network operations
  • Increased help requests for anomalies, such as missing files or emails
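
As an added illustration (not from the original article), the sketch below checks authentication events for three of the signs above: an unknown source address, a burst of failed logins, and a login outside business hours. The log format, thresholds, business hours and network range are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): log format, thresholds, hours, networks.
KNOWN_NETS = [ip_network("10.20.0.0/16")]      # address space you expect to see
BUSINESS_HOURS = range(7, 19)                  # 07:00-18:59, Monday to Friday
FAIL_LIMIT, FAIL_WINDOW = 5, timedelta(minutes=10)

# Constructed sample events: "timestamp user source_ip result"
SAMPLE_LOG = """\
2021-02-15T09:12:03 asmith 10.20.4.17 success
2021-02-16T02:14:00 admin 203.0.113.45 fail
2021-02-16T02:14:10 admin 203.0.113.45 fail
2021-02-16T02:14:20 admin 203.0.113.45 fail
2021-02-16T02:14:30 admin 203.0.113.45 fail
2021-02-16T02:14:40 admin 203.0.113.45 fail
2021-02-16T02:15:05 admin 203.0.113.45 success
2021-02-16T10:00:00 bjones 10.20.7.8 fail
2021-02-20T14:30:00 asmith 10.20.4.17 success
"""

def parse(log):
    for line in filter(str.strip, log.splitlines()):
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ip_address(ip), result

def find_signs(log):
    """Return (kind, subject, timestamp) alerts in chronological order."""
    alerts, fails, unknown = [], defaultdict(list), set()
    for ts, user, ip, result in sorted(parse(log), key=lambda e: e[0]):
        if not any(ip in net for net in KNOWN_NETS) and ip not in unknown:
            unknown.add(ip)                    # report each unknown source once
            alerts.append(("unknown_source", str(ip), ts))
        if result == "fail":
            # Keep only this source's failures inside the sliding window.
            recent = [t for t in fails[ip] if ts - t <= FAIL_WINDOW] + [ts]
            fails[ip] = recent
            if len(recent) == FAIL_LIMIT:      # fire once when the limit is hit
                alerts.append(("failed_login_burst", str(ip), ts))
        elif ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5:
            alerts.append(("after_hours_login", user, ts))
    return alerts

if __name__ == "__main__":
    for kind, subject, ts in find_signs(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {kind:<20} {subject}")
```

A single failed login from a known address during the day raises nothing here, which is the point of a baseline: only deviations from expected sources, volumes and hours are flagged for review.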

What to do after a data breach

Quickly detecting a data breach is only part of the equation – once a breach is detected, it must then be resolved. But as we already established, almost half of Australian small businesses are woefully underprepared.

It’s crucial, therefore, that organisations create a highly detailed data breach response plan. The Office of the Australian Information Commissioner (OAIC) recommends that a data breach response plan follows four key steps: Contain, Assess, Notify, and Review.

Contain

The first step upon detecting a data breach is containing it as much as possible by limiting any further access or distribution of the affected personal information and preventing the compromise of other information. To do this, you may need to change access credentials or shut down the affected system altogether.

Assess

The next step is evaluating the extent of the damage, and attempting to mitigate it where possible. This means gathering as much information about the breach as possible, and considering whether remedial action, such as recovering lost information or changing credentials on compromised accounts, can be taken to reduce potential harm to individuals.

Notify

If the assessment reveals that the data breach is likely to result in serious harm to the individuals involved and remedial action has not resolved this, then according to the guidelines of the Notifiable Data Breaches scheme, organisations must notify the OAIC and the affected individuals.

Notifying individuals about a data breach is a highly important step, not only because it allows individuals to take proactive steps to prevent potential harm to themselves, but because it also helps an organisation repair its reputation. Remember, it never looks good if an organisation is caught covering up a breach, as Uber was in 2017.

Review

Once the data breach has been appropriately dealt with, organisations should then take the time to review the incident in order to reinforce or update security measures to prevent future breaches.

Prevention is better than a cure

While data breaches are relatively common, there are a number of data security strategies that organisations can take to reduce the likelihood and magnitude of a breach, including:

  • Know where your data is: Organisations need to have a thorough understanding of where and how sensitive data is stored and secured.
  • Give employees regular cybersecurity training: Human error was the cause of 34 per cent of the 518 data breaches reported to the OAIC in the first six months of 2020. It’s important, therefore, that employees are regularly taught cybersecurity best practices.
  • Run data breach drills: There’s not much point in having a highly detailed data breach response plan if aspects of that plan are flawed. That’s why it’s important to test the various processes in realistic drills, so you can iron out any kinks before real disaster strikes.
  • Conduct regular security audits: A security audit of your print and document environment can help to identify any vulnerabilities in your systems, as well as workflow inefficiencies. Bringing in an experienced third party to conduct the audit may improve your chance of identifying weaknesses that you might have missed.
  • Engage an expert: No organisation can be expected to keep on top of new threats and security measures on their own. By engaging a third party you can have peace of mind knowing that experienced cybersecurity specialists are looking after your data. Huon IT, a Kyocera Group Company, offers security-as-a-service packages that can strengthen your protection levels and improve detection and response times. Learn more here.

Ransomware attacks and phishing scams are on the rise, meaning it's more important than ever to ensure that your print and document environment is protected against cyber attacks. Book a free security audit today to find out exactly where your vulnerabilities are and how to mitigate them.