Help following a data breach

As well as handling negative publicity online and in the press, we are increasingly asked to help companies that have had their data breached or been victim of a cyber-attack.

If this has happened to you, it is critically important that you act immediately.  You will need to communicate with everyone who’s data has been accessed - your staff, your customers, your prospects and probably many other people whose confidential data you have on your system.

Failure to act quickly, efficiently and properly will jeopardise your company’s reputation and could lead to a loss of business.

What is a data breach?

A data breach occurs when sensitive information or confidential data you hold is accessed by someone without authorisation.

The data could be in the form of files and documents or contacts you hold on your database and CRM system.

This information might be viewed, copied or shared. 

Typically, a breach happens when you are the victim of a cyber-attack or hacker.  Phising, ransomware, employee negligence and physical theft are also likely causes.

Why should a data breach be taken seriously?

For a number of reasons.

A breach reflects badly on your company, which could be viewed as having lax and sub-standard security systems in place.

In the wrong hands, stolen data and information can be used fraudulently. 

A hacker might even hold you to ransom and blackmail you into paying for the return of the data. If you don’t comply, they could spam your contacts and destroy your data (yes, they have the power to do that remotely).

As well as causing distress to those whose data has been accessed, a data breach will always cause a degree of business disruption and interruption.

If you take responsibility for your own IT and systems (as opposed to using a third party to protect you) you could also face prosecution, criminal charges and fines in some instances.

In short, a data breach should always be taken seriously.

 

Who can suffer a data breach?

Quite simply, any individual or company that holds sensitive information and data on its systems.

 

What should I do following a data breach?

Following a data breach, you should:

  1. Remain calm.
  2. Contact your IT providers, security and forensic experts immediately to establish the source of the breach. They should be able to identify and fix the problem.
  3. At the same time, it is imperative that you notify your customers and anyone else who’s been affected. Failure to do this could result in penalties, fines and loss of confidence in your business.
  4. Once the problem has been sorted, you should contact everyone again to update them, apologise for any inconvenience caused and reassure them that you have taken steps to prevent a further breach.
  5. Hold a review meeting with your internal team, IT suppliers and communications agency to agree a plan of action should a similar incident occur in the future. During this session, you should consider all possible scenarios; draw up clear instructions about who should do what; and have prepared statements and communications ready to issue to avoid delays and reputational damage.

Being prepared for a crisis is by far the best way to minimise any damage to your reputation.

 

Who can help me after a data breach?

Your IT providers will help you with the technical aspects, while we can help you with all the associated communications required to inform and reassure those affected.

Our help will be tailored to the type of security breach you’ve experienced and could see us drafting and issuing any or all of the following: letters, emails, website and social media messages, internal news bulletins, press statements and any other appropriate communications to help ensure you appear in control of the situation.

A data breach requires fast, efficient and decisive communication to reassure those affected and help protect the reputation of you and your business.

We have many years’ experience helping companies of all sizes communicate effectively and efficiently in such situations. With our support, you’ll be free to carry on running your business, knowing all communication bases are covered.

One of my co-directors was found guilty of drink driving.  I was concerned that if it got out, we’d suffer from negative press and loss of business.  As it happened, there was no backlash but being able to contact you and have some pre-prepared statements and letters ready was reassuring.

I thought the problem would go away if I ignored it. It didn’t. I was reluctant to use you but can honestly say, your support and advice helped pull me back from the brink. Your patience, clarity of thought and advice were just what I needed to get me through the emotional roller coaster.

Your calm and steady approach was everything I needed when my business was being unfairly criticised in the national press. You stopped me from responding in haste, which I realise now, was the worst thing I could have done! Thank you, thank you, thank you.

My business was facing a torrent of unfair criticism on Facebook.  It stemmed from one negative post by an ex-employee and escalated like wild fire. Your level-headed, practical advice helped get the negative comments removed.  Thank you from the bottom of my heart.