Virtualization Technology News and Information
Data Breach Response: A Guide to Response and Recovery After a Data Breach



Business cyber security is vital in an increasingly data-driven world. Yet, barely a day goes by without news of a high-profile data breach. Infamous incidents have involved companies like Facebook, Equifax, and Marriott International. Governments are not immune from the risks either - at the time of writing, Costa Rica is dealing with disruption to the IT systems of multiple government ministries as the result of a ransomware attack.

Small businesses should be concerned about this too. According to Verizon's 2021 Data Breach Investigations Report, small businesses are the victims of 43% of online attacks. These incidents impose huge costs and can force businesses to cease trading - in some cases, permanently.

Every organization, big or small, should ask itself 'what are the key steps in responding to a data breach?' Prevention is best, but in the event of a data breach incident, a planned response is required.

3 different types of data breach

There are many data security risks to consider. Incidents of small businesses experiencing cyber attacks are increasing in 2022. Thus, planning for such an event is more crucial than ever. Before we see what a plan looks like, let's explore what kinds of threats to sensitive data are out there.

  • Credential theft: Cybercriminals will often try to steal login information to access protected systems. It's much easier to access systems with a valid password than it is to "hack" into them, and the stolen sensitive information can be auctioned off on the dark web. Criminals can also threaten the mass release of privileged information unless a payment is made.
  • Distributed Denial of Service (DDoS): Victims have their systems overwhelmed by too many requests for access. For this to work, a cybercriminal infects numerous systems with a virus. That virus gives the cybercriminal control over the system and turns it into a bot. The bots are then ordered to flood the target system with an overwhelming volume of requests. As a result, the target system is slowed to a crawl or shut down entirely. These kinds of attacks can then be used as a cover for data theft.
  • Ransomware: Malicious actors install software on target systems that locks access for anyone but the criminals through complex encryption. The perpetrator then contacts the victim with ransom demands. Any delay in payment will often lead to increases in demanded payments. Having accessed secure systems, cybercriminals may still copy and steal sensitive data, even after a ransom has been paid.




Data breaches can have far-reaching consequences. They impact not only the target business but customers and other stakeholders, so you should be aware of these possibilities when planning a response.

  • Customer data can be sold on the dark web. Data that can then identify an individual can be used by scammers to fleece them of their money.
  • Businesses that fall victim to a data breach can be fined upon the identification of security flaws. Under the EU's GDPR legislation, for example, fines carry a maximum penalty of €20 million or 4% of global annual turnover - whichever is greater.
  • Companies can suffer huge reputational damage in the wake of a data breach. Businesses that lose the trust of customers find it very hard to recover.
  • If intellectual property and operational data are exposed in a data breach, companies suffer dire consequences. Shareholders, suppliers, and other stakeholders will think twice about continuing to work with a company that can't secure its data.


To effectively respond when a data breach occurs, a plan should already be prepared. It begins by completing a risk assessment of your systems. This process will reveal likely targets, whether those are the cybercriminals' ultimate goal or their method of attack. This knowledge will enable you to better secure your data and set up methods of detection.

Let's take a look at potential vulnerabilities and targets.

Entry points

Businesses should be aware of all the ways an attacker could access their systems. Knowing where an attack has originated from will make responding easier. Even systems not connected to the internet can be targeted - cybercriminals can pose as IT personnel in order to install malware, for instance.



Some possible entry points are listed below.

What data will be targeted?

Data collection is necessary to succeed in business in the 2020s. It gives companies an edge in converting the most customers. However, information that can identify an individual is highly prized by cybercriminals.

Below, you will see some of the types of data cybercriminals target.

  • Names.
  • Dates of birth.
  • Credit card details.
  • Home addresses.
  • Medical history.
  • Vehicle registration info.
  • E-mail addresses.
  • Tax information.

Some cybercriminal activity is also industrial espionage. Thus, companies should also think about their IP and sensitive operational data.

Creating the plan

Understanding the targets and vulnerabilities allows a business to start planning for a data breach. A good plan will allow a quicker response time and faster recovery. The plan should be integrated into all your security policies. Where data is touched upon in a policy, your data breach response plan should apply.

Who does what?

A breach event can pull in different departments from across a business. Make sure everyone is aware of their responsibilities when a breach occurs.

  • Managers - Leadership should be prepared to coordinate the response between departments. They will also need to be ready to work with external parties during an incident. Managers will be key in analyzing the event in the aftermath.
  • IT team - These will be your foot soldiers in the battle to eradicate the threat from your systems - they're also best placed to first detect a breach.
  • HR - Your human resources team should be called upon in the event of a data breach originating from an internal source.
  • PR - Public relations teams are vital in reducing harm to your company's reputation. It will be their job to manage how a breach is viewed in the media and by the public. Along with customer service teams, they form an integral part of the escalation management process for customer enquiries in the wake of a data breach.

Form a dedicated cyber security team



Creating a team to help form plans and manage a breach situation is vital. They can be called upon to ensure all departments are following the plan. The team can help managers coordinate the response. They will work with the IT folks to detect threats and mitigate damage from attacks.

Use your cyber security team to foster a culture of vigilance. Use them in training teams to prevent cybercrime and respond correctly if it occurs - engaging training materials can be produced at low cost using royalty free images. To be effective, the team requires a budget and staffing that matches the threat.

This team will be able to ensure that technology doesn't leave you open to a breach. By ensuring software is updated regularly, known security flaws can be eliminated. They can audit technology to ensure devices aren't endangering security. Devices under the category of 'The Internet of Things' can have security flaws.

Take out a cyber insurance policy

Cyber insurance can help with the costs associated with a data breach. The better your cyber security is to begin with, the lower your premiums. Insurers will often be able to assist in developing your response plan and quantify your cyber exposure in financial terms. They may also provide training services to your company to better avoid a data breach.

Backup critical data

One of the best practices for business continuity is to back up operationally critical data. To get back to business rapidly after a data breach, you will need access to your information ASAP. It is recommended that data be backed up in a remote location through cloud technologies. Additional on-site backups will only serve to improve response time, so go for it - just be sure to use different media.

Discovering and responding to a data breach

By providing your teams with the best cybersecurity training, you will have a vigilant workforce able to detect a possible data breach. Your IT teams should be on the lookout for unusual activity: multiple failed login attempts, error messages, or access requests from strange IP addresses are all red flags.



For example, a company that operates exclusively in the US wouldn't expect its systems to be interacting with websites whose domain names are the kind an Australia-based business would expect to see. It could be a sign of a DDoS attack attempt by a botnet from down under.
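The red flags described above (repeated failed logins and access from unexpected IP addresses) can be checked automatically against authentication logs. The following is an added example, not part of the original article; the expected networks, the threshold, the time window and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this example: the address ranges the business expects to see,
# and the failed-login threshold and window. Tune all three to your environment.
EXPECTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("198.51.100.0/24")]
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)

# Constructed sample lines (ISO timestamp + sshd-style message), not real logs.
SAMPLE_LOG = """\
2022-06-09T07:30:01 sshd[811]: Accepted password for alice from 10.0.4.17 port 50122 ssh2
2022-06-09T07:31:10 sshd[812]: Failed password for root from 203.0.113.9 port 40001 ssh2
2022-06-09T07:31:15 sshd[812]: Failed password for root from 203.0.113.9 port 40002 ssh2
2022-06-09T07:31:21 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2
2022-06-09T07:40:00 sshd[813]: Failed password for bob from 10.0.4.22 port 50200 ssh2
2022-06-09T07:45:30 sshd[814]: Accepted password for carol from 192.0.2.44 port 51000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_red_flags(log_text):
    """Return (kind, ip, detail) alerts for brute-force bursts and unexpected sources."""
    alerts, failures, reported = [], defaultdict(list), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped here; count them in production
        ts = datetime.fromisoformat(m["ts"])
        ip = ipaddress.ip_address(m["ip"])
        if m["result"] == "Failed":
            # Keep only failures inside the sliding window for this source.
            recent = [t for t in failures[ip] if ts - t <= WINDOW] + [ts]
            failures[ip] = recent
            if len(recent) >= MAX_FAILURES and ip not in reported:
                reported.add(ip)
                alerts.append(("repeated_failed_logins", str(ip), f"{len(recent)} in window"))
        elif not any(ip in net for net in EXPECTED_NETS):
            alerts.append(("login_from_unexpected_ip", str(ip), m["user"]))
    return alerts

if __name__ == "__main__":
    for alert in find_red_flags(SAMPLE_LOG):
        print(alert)
```

A successful login from an unexpected address is reported even when no failures precede it, since a valid stolen password produces no failed attempts at all.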

Immediate actions in the hours after discovering a data breach

Upon discovery of a data breach, you must put your plan into action. Your priority actions should be as follows.

  • Activate your cybersecurity team to begin forensics.
  • Isolate affected systems and cease using them.
  • Consult with your legal department.
  • Inform law enforcement.
  • Analyze the scale of the breach.
  • Assess the impact on business communications.
  • Gather PR and marketing to discuss how to communicate events to the public.

Complete these steps rapidly. A fast response will allow an expedited recovery. This is why it's so important to plan for such an eventuality. There are also some fairly uncommon practices, such as modernizing legacy systems in the insurance sector or other industries, to keep something like this from happening in the first place.

Communicate with affected parties

You will have to have some difficult conversations with those affected by a data breach. Through honesty and openness, you'll be able to minimize reputational damage. Any communication with affected parties should stress that a plan was in place. It's vital that your company offers support to those concerned about how the data breach affects them.


Once you've handled the emergency situation, it'll be time for a clean-up. You should now contact your insurer to see how they can assist. Let's look at some of the actions your cybersecurity and IT team may need to take.

  • Eradicate affected files.
  • Restore from backups.
  • Identify and mitigate vulnerabilities.
  • Delete malware installed by cybercriminals.
  • Change passwords.
  • Update all systems and software.

As the source of the breach becomes clearer, other action may need to be taken. If the breach came from an internal employee, you will have to rely on your HR department to start their process. Whether internal or external, ensure that the relevant authorities are kept informed. It's also important to keep affected parties in the loop - rebuilding trust with customers, or other stakeholders, is an ongoing process.

Learning Lessons



After righting the ship, you should conduct an investigation into the data breach. The purpose is to determine if there is causality between company procedures and the occurrence of the breach. By the end of this review, you should have a list of actions to prevent further incidents. Following are examples of some of the questions your company should ask during this process.

  • Were internal communications systems disrupted during the event? Consider using externally hosted business phone systems. This will reduce the hampering of your response and recovery efforts, ensuring communication throughout.
  • Was the attack from an internal source? Review recruitment processes to reduce the chance of bringing a malign actor into the business.
  • Did you discover lax security in any areas? Beef up security procedures, especially in areas where sensitive information is held.
  • How well did the team follow the plan? Review training if necessary.
  • Is sensitive data too accessible? Ensure information is only accessed by those who require it. You can implement email tracking to see who is reading communications. You may find that emails are viewed by team members to whom they have no relevance.
  • Did technology help or hinder? Look at how you can improve the technological solutions you work with. Eliminate technology that exposes your company to a high risk of cybercriminal incursions.

Data power

Data is crucial for operating a business in the 21st century, and sometimes it's sensitive information. Companies are responsible for storing their data securely. No system, regardless of how secure, is immune from breaches.

What have we learned? Planning for a data breach is vital. It makes the response and recovery process move smoothly and rapidly. The more you can do to prevent a breach in the first place, the better. Data breaches can still occur, but by following a well-considered plan, you can mitigate financial and reputational damage.



Grace Lau - Director of Growth Content, Dialpad 


Grace Lau is the Director of Growth Content at Dialpad, an AI-powered cloud communication and CX platform for better and easier team collaboration. She has over 10 years of experience in content writing and strategy. Currently, she is responsible for leading branded and editorial content strategies, partnering with SEO and Ops teams to build and nurture content. Grace has written for domains such as Brightpearl and VoilaNorbert. Here is her LinkedIn.

Published Thursday, June 09, 2022 7:30 AM by David Marshall