What to Do If You Suspect a Cyber Security Breach

6 June 2019

Cyber security threats and data breaches are a surprisingly common occurrence. In the past few years, some of the biggest names in their respective sectors have been hit by hugely compromising attacks from hackers. If huge companies such as LinkedIn and Yahoo can fall victim to these breaches in security, then it would be wise to ensure your own cyber security is strengthened as much as possible.

The results of having sensitive, protected or confidential information stolen or transmitted by unauthorised parties can be devastating to a company’s security and reputation. And because of their alarming frequency, even with the right precautions in place, it’s still possible to suffer breaches.

As a business, it’s essential that you know what steps to take. If you’re one of the many businesses whose sensitive information has been exposed through data and security breaches, here’s what you should do if you suspect a data breach.

Determine what was stolen

If your cybersecurity has been compromised, then it’s important to determine what kind of information has been lost in the data breach. There are degrees of sensitivity for respective types of information; if it’s names and street addresses then that’s probably not enough to create any serious problems, for example.

 


If, however, it’s employee email addresses, dates of birth and payment-card account numbers, then that can be a cause for concern. Stolen email addresses can result in increased spam, while a stolen credit card can be used to run up fraudulent charges on the account. A date of birth is useless on its own, but when combined with a name, it can be used to verify identity.

National insurance numbers, passwords and security codes are where things start to get serious, as these will all allow hackers to pose as people within your company.

Change any affected passwords 

If any online accounts have been hacked, change the password on that account as soon as you can. If the same password is used for other accounts, change these to new, strong passwords for each individual account. Re-using the same password for multiple accounts is never a good idea.

If two-factor authentication is available, then use it. Two-factor authentication means any thief who attempts to log into the online account won’t be able to get in; even with the right password, they’ll still need a numeric code that gets texted to the legitimate user’s mobile phone.


Consider using a password manager to keep track of all the different passwords you’ll need to use. You’ll only need one password to access the software, though if this is compromised, it means all your accounts will be too.

Contact the necessary financial institutions 

If a payment-card number has been stolen, contact the bank or organisation that issued the card the second you notice something is wrong, and make sure you’re put through to a human representative. Let them know that an account is at risk of fraud and ask them to alert you if any suspicious activity has been detected. The bank will cancel the card if this happens and issue you with a new one straight away.

Stop additional data loss

Take any equipment that’s been affected offline immediately, and if possible, put clean machines online in place of affected ones. Any information that was improperly posted on the web should be removed. For example, if the data breach involved personal information being posted on your website, get rid of it as soon as possible.

Also, be aware that internet search engines store information in a cache for a period of time, so contact search engines to make sure they don’t archive this misused personal information posted in error. Likewise, if this exposed data has been featured on other websites, contact these sites and ask to have them remove it.


Talk to the people who discovered the breach. If your company has a customer service centre, make sure the staff know where to forward information that can help with your investigation of the breach.

Fix any vulnerabilities 

If service providers were involved, examine what personal information they have access to and make a decision whether you need to change their access privileges going forward. Also, ensure your service providers are taking the right action to make sure another breach doesn’t occur. If your service providers say things have been rectified, then verify that they actually have.

Be sure to check your network segmentation too. When you initially set up your network, it’s more than likely that you segmented it so that a breach on one server couldn’t lead to a breach on another server or site. Was the segmentation effective in containing the breach? If not, you’ll have to rectify things now.

Did encryption help at all? If it was enabled, then take a look at your backup or preserved data, and review logs to determine who had access to the data at the time of the breach. Also, see who has access, determine whether that access is needed and restrict it if not.
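The log review described above can be scripted. The following is an added example, not part of the original article: it lists which accounts read a sensitive data store during the breach window, which were refused, and which accounts hold access they never used and are therefore candidates for restriction. The log format, account names, file paths and dates are all constructed for illustration.

```python
from datetime import datetime
# Constructed sample log (not real data): timestamp, account, action, resource.
SAMPLE_LOG = """\
2019-05-30T09:12:04Z alice READ /data/customers.db
2019-06-01T23:47:51Z svc-backup READ /data/customers.db
2019-06-02T02:03:19Z bob READ /data/customers.db
2019-06-02T02:05:40Z bob READ /public/brochure.pdf
2019-06-02T03:30:00Z mallory DENIED /data/customers.db
malformed line without fields
2019-06-04T10:00:00Z carol READ /data/customers.db
"""
# Constructed list of accounts currently permitted to read the data store.
ENTITLED = {"alice", "bob", "carol", "dave", "svc-backup"}

def parse(line):
    """Return (time, account, action, resource), or None if the line is malformed."""
    parts = line.split()
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        _, account, action, resource = parts
    except (ValueError, IndexError):
        return None
    return when, account, action, resource

def review(log_text, resource, start, end, entitled):
    """Summarise access to `resource` between `start` and `end` (inclusive)."""
    accessed, denied, ever_used, skipped = set(), set(), set(), 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1  # count unreadable lines: gaps in the log matter
            continue
        when, account, action, res = rec
        if res != resource:
            continue
        in_window = start <= when <= end
        if action == "READ":
            ever_used.add(account)
            if in_window:
                accessed.add(account)
        elif action == "DENIED" and in_window:
            denied.add(account)
    return {"accessed_in_window": sorted(accessed),
            "denied_in_window": sorted(denied),
            "entitled_but_unused": sorted(entitled - ever_used),
            "unparsed_lines": skipped}
if __name__ == "__main__":
    print(review(SAMPLE_LOG, "/data/customers.db",
                 datetime(2019, 6, 1), datetime(2019, 6, 3), ENTITLED))
```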


Consider creating a communication plan for any affected audiences, including employees, customers, investors, business partners and other stakeholders. Be open and transparent in what you’re communicating and don’t withhold important details that might help consumers protect themselves and their information. Understand that many will have questions about the breach, so answer them in clear, straightforward language. It’s important to allay everyone’s concerns as much as possible.

Notify the appropriate parties    

If you know for sure that your data has been breached, then notify the police, other affected businesses and any other parties you feel necessary. Call the police immediately, report your situation and note the potential risk for identity theft. If your local police aren’t familiar with investigating these kinds of compromises, you may have to escalate it to a higher authority.

Additionally, it may be worth notifying other businesses, especially if account information has been accessed but you don’t maintain the accounts. Notify the institution that does so it can monitor its accounts for fraudulent activity. If the opposite is true, and you store information on behalf of other businesses, then notify them of the data breach.


What are some examples of data breaches? 

Microsoft 365 – Around 6% of Microsoft’s Office 365 accounts were affected by hackers when personal content from emails was exposed as part of a data breach.

Mumsnet – A software change that occurred as part of the parenting site’s move to the cloud was suspected of leading users to see the details of other members.

Town of Salem – More than 7 million users of web browser game Town of Salem had their personal data compromised, including usernames, email addresses, passwords, IP addresses and payment information.

Uber – The data of 57 million customers and drivers was exposed in 2016, leading the firm to pay $100,000 to the hackers for them to delete the data. This was then settled out of court to the tune of £133m.

Marriott International – As many as 500 million guests were affected by a data breach believed to have come from a hacker who gained access to their Starwood guest authorisation database. This led to guests’ card details being accessed, as well as other details like passport numbers and check-in/out information.

Our professional team can effectively dispose of your old hardware. If you’re in the process of overhauling your IT systems, visit our homepage to find out about our IT disposals services or call us today on 0333 060 0547 

