If your company is hacked, it can have serious consequences. If personal data that you retain on your customers, suppliers and partners is exposed during the event, it is regarded as a data breach by the UK data regulator, the Information Commissioner’s Office (ICO).
Whether it is no fault of your firm’s or due to an act of negligence by a member of your staff, how you act when an event occurs is exceptionally important. Read on for some important steps to take when this unfortunate situation takes place.
Report the breach to the ICO
Companies have a 72-hour window to make a data breach report to the ICO. In this report, you will need to detail when the breach was discovered, when it likely occurred, what data was involved and how sensitive it is, among other information.
If the ICO feels that the breach happened because of negligence on your part, it has the right to issue a substantial fine based on its findings.
Inform data subjects
You are obligated to let all data subjects whose personal information was compromised know that a breach has occurred. You must provide them with as much information as you can, including what type of data was exposed and what you are doing to resolve the problem. You should offer them advice to protect themselves against threat operators using their data. If financial details were involved, you should recommend they check their credit scores; if it is contact information, warn them about phishing attacks.
Investigation and remediation
You must investigate the breach and identify how it happened. If you do not have an in-house team capable of this task, you will need to hire a forensic expert. Once you have discovered how the breach occurred, you must take steps to ensure it cannot happen again. If staff negligence was to blame, a reprimand and re-training will be required. However, if it is a technical issue, you may need to purchase a protective solution to prevent attacks.
Protect your firm against a data breach
To avoid putting your firm and the information of data subjects that you use at risk, data encryption software is essential. At Galaxkey, we have designed cutting-edge data encryption that is based on the onion model recommended for Government use in the USA. Approved by the UK’s own National Cyber Security Centre (NCSC), it provides three powerful layers of protective encryption to safeguard data files and email communications (along with their attachments).
Whether files are accidentally released or stolen in an attack, if they are encrypted, they will be illegible to unauthorised entities.
If the ICO believes you have taken appropriate measures to protect the data in your care, such as encrypting it with a first-class solution, your company can avoid unnecessary fines. Easy to use, our encryption can be added with a single click, making it exceptionally simple for your personnel to use.
For a free two-week trial of our solution, contact our team at Galaxkey today and get protected from potential breaches.