Small business data breach: a guide on what to do next

All businesses are vulnerable to cyber attack. Here’s a step-by-step guide to what to do if there’s been a data breach in your business.

Make sure you have a Data Breach Response Plan in case of any cyber attacks.
Identifying the breach and alerting the authorities are important first steps.
Ensure data backups are working to reduce flow-on impacts to clients.

Even with the best security measures, businesses may fall victim to cybercrime. By taking the right steps after a data breach, businesses can minimise the damage. Typically, you would have a detailed Data Breach Response Plan in place for such eventualities.

 

“This means you have a structured way to discover breaches, contain them, recover from them, assess the impact, notify impacted parties, and then review and improve,” explains Mike Ouwerkerk, the founder of Web Safe Staff.

 

If your business has been breached, take these six actionable steps to respond:

 

1. Identify the source and extent of the breach

Determine where the breach has taken place, track what files have been accessed and what actions cybercriminals have taken.

 

2. Alert professionals and address the breach

Call on your IT staff to manage cyberattacks like data breaches and to fix vulnerabilities.

“If you don’t have the capability in-house, find an organisation that can help,” says Ryan O’Kell, Head of Cyber Security (APAC) at Waterstons Australia.

“Incident response can be sticky, but the sooner you respond, the better.”

 

3. Contain the breach

The exact steps to contain the breach will be determined by the nature of the breach and your business type. Determine which servers or accounts have been compromised and contain the breach immediately so that other systems and servers are not affected. However, save a copy or disk image of affected servers for legal reasons.

 

4. Notify those affected by the breach

Identify those affected by the breach, such as customers, employees and third parties, and notify them. Communicate to customers how you plan to handle the breach and what actions are being taken.

 

5. Notify appropriate authorities

When there is a data breach of personal and credit information, you must notify the Office of the Australian Information Commissioner (OAIC). You should also report it to the ATO’s Client Identity Support Centre. Reach out to law enforcement authorities and notify your bank and insurer.

 

6. Prepare for damage control and recovery

Minimise the impact of the breach on your business and customers. Ensure you have a recovery plan in place and that data backups are working.

“Backups must be protected from criminals and must be able to be restored in a timely fashion to get your business up and running again,” adds Ouwerkerk.
