Data Breach FAQs
Data breaches can come in the form of:
- A cyber-attack
- A lone hacker
- Phishing
- Ransomware
- Employee negligence
- Physical theft
The data you hold that could be breached includes any sensitive or confidential information you possess, mainly documents and contacts. If you fall victim to a data breach, this data could simply be viewed, or it could be copied and/or shared, potentially leading to fraudulent activity. The attacker may even hold you to ransom and demand payment for the return of the data – failure to comply could result in your data being destroyed.
All types of data breaches should be reported within your company and externally to the affected parties, as above. When it comes to the media, there is, of course, a very real possibility that they will pick up on the fact that this has happened.
We can help you prepare for handling the press and protect your reputation by drafting appropriate statements and quotes to make sure you appear in control of the situation.
Once you discover your data has been breached, there are several actions you need to take immediately:
- Contact your IT providers and your security and forensic experts to establish how the breach occurred, so that they can work to fix the problem.
- Inform your insurance company immediately.
It’s important to remain calm when working to resolve the issue – acting on emotions will only slow things down. Your IT providers will help with all of the technical issues, while we can help with all aspects of communications to keep affected parties up to date and ensure they feel confident doing business with you in future.
Any business or individual that holds sensitive or confidential information can fall victim to a data breach. As explained, data breaches can happen in various ways, from an employee accidentally allowing a hacker in with the click of a button, to phishing, to physical theft.
There are a few simple actions you can take to help avoid a data breach:
- Make sure your employees can identify a spam email and that they know not to open any attachments or click any links that they are not sure about. So often these are the causes of data breaches, with phishing emails becoming more and more sophisticated.
- Passwords should be changed regularly and should not be easy to guess – a mixture of upper- and lower-case letters combined with symbols is best. They should also not be shared with anybody else.
- Keep sensitive data limited to a need-to-know basis. The fewer people that have access to such information, the less likely it is to be accidentally, or purposefully, leaked.
- Ensure you have anti-virus software installed to protect your systems from potential hackers.