Managing a Data Breach

In today's digital landscape, it's no secret that cyber attacks and data breaches have become increasingly common and more sophisticated. When an organisation finds itself in the unfortunate position of discovering a data breach, knowing how to respond is absolutely crucial. In this blog post, we'll delve into the essential steps an organisation like yours should take when faced with a data breach, from understanding common breach scenarios to best practices for prevention and a detailed guide on how to respond effectively.

Read on to discover the valuable strategies that can make all the difference when the stakes are high.

Common occurrences of a data breach

Before we explore best practice for preventing a breach, it's important to have a clear understanding of what constitutes a data breach. A data breach occurs when data is stolen or disclosed to an unauthorised third party, often cybercriminals, without the consent of the data controller or processor. The consequences of such breaches for a business can be severe, ranging from costly compliance violations and legal battles to long-term damage to an organisation's brand reputation.

Here are some common data breach scenarios that businesses frequently encounter:

• Unauthorised access by an external threat actor, including cybercriminals
• Internal staff members inappropriately accessing or viewing data they are not authorised to see
• The accidental sharing of sensitive data with unintended recipients
• Physical device theft, such as laptops or mobile devices, containing critical data
• Unauthorised changes or tampering of vital data
• Loss of data availability due to an incident like a ransomware attack
• Finding your company’s confidential information leaked online (Dark Web)  
• Unauthorised downloads on the organisation’s network

By understanding these common scenarios, your organisation is better equipped to identify the necessary steps to effectively mitigate the risk of a data breach.

Additionally, it's important to be aware of the Information Commissioner's Office (ICO) and its role in the event of data breach.

Who are the ICO?

The Information Commissioner's Office (ICO) is a regulatory authority in the United Kingdom responsible for upholding data protection and privacy rights. The ICO plays a vital role in safeguarding the privacy and personal data of individuals in the UK and ensuring that organisations, including public bodies, adhere to data protection laws and regulations. Its role has become even more significant with the introduction of GDPR, which imposes strict requirements on how personal data is handled and protected.

What breaches need to be notified to the ICO?

Notification to the ICO is obligatory only when a breach is likely to result in a risk to the rights and freedoms of individuals. If left unaddressed, such a breach can have substantial adverse effects on individuals, such as discrimination, harm to reputation, financial loss, or the loss of confidentiality or other significant economic or social disadvantages.

To ensure your organisation is protected against potential future legal repercussions, it is advisable to report all data breaches to the ICO. 

Best practice to prevent a data breach.

While it's impossible to provide an absolute guarantee against data breaches, there are proactive measures you can take to significantly reduce the risk and mitigate potential impacts. Here are some of TIEVA’s recommendations:

Install Antivirus (AV) / Endpoint Detection & Response (EDR) software - Since one of the biggest malware threats that contributes to data breaches is ransomware, it makes sense to use AV/EDR to detect and prevent wider spread of the infection across all systems. Valuable data (including Personally Identifiable Information (PII)) can be located on end user devices as well as services, so AV/EDR software should be implemented across all operating systems in order to provide the best possible outcome should a breach occur. It is also imperative that IT departments adopt robust cadence around updating AV/EDR software to ensure the most effective protection against evolving malware threats.

‍Learn to recognise phishing emails - Phishing attacks via email exploit social engineering tactics and are becoming increasingly difficult to spot due to cybercriminals' growing sophistication (see HRMC example below). The most effective defence against phishing attacks is to empower all users through cyber awareness and simulated phishing training programs. Phishing often serves as a precursor to ransomware attacks, with hackers luring users into clicking on malicious attachments or URLs, leading to device infection and network-wide spread. Phishing is also commonly used to obtain end-user login credentials and for financial extortion.

Use a VPN (Virtual Private Network) - A VPN allows for remote users to securely connect back into the corporate network. VPN technology allows for only known authenticated users and devices to gain access through the corporate firewall. Allowing remote access without a VPN, such as through unsure Remote Desktop Protocol (RDP), exposes the network to potential infiltration by hackers armed with user credentials (username and password).

Reduce the data footprint – The more data that is stored, the more there is for hackers to steal (specifically PII). Organisations should only hold the data that is actually required. All excess data should be purged when surplus to requirements.

I have already been breached, what shall I do?

In the unfortunate event of your organisation suffering a data breach, here is a step-by-step guide on the steps you need to take:

Firstly:

• You should make sure that your staff understand what constitutes a personal data breach
• You should ensure that you have an internal breach reporting procedure in place. This will help decision-making about whether you need to notify the Information Commissioner or the affected individuals
• Considering the tight timescales for reporting a breach, it is important to have robust breach detection, containment, management and mitigation policies and procedures in place.

If the ICO needs to be notified:

• You must report a notifiable breach to the ICO without undue delay and within 72 hours of when you became aware of it
• Part 3 of the DPA 2018 recognises that it will often be impossible for you to investigate a breach fully within that time period and allows you to provide information in phases, therefore ensure that at a minimum a phase 1 submission is provided to the ICO within the 72 hour deadline
• If you cannot provide all the information required above within 72 hours, you must also explain reasons for the delay in your breach notification
• If the breach is sufficiently serious to warrant notification to the public, you must do so without undue delay (as soon as this is known and can be effectively communicated)
• Failing to notify a breach when required to do so can result in a significant fine, which can be as high as 7 figures. Ouch!

‍

Are you currently grappling with a data breach, or have you recently experienced one?

TIEVA is here to help. Gain access to our Free Cyber Security Incident Response Plan, and our dedicated Cyber Security Incident Response Team (CSIRT) will provide the support you need:

24/7 Access to Security Operations Centre: Our CSIRT experts work tirelessly until the breach's severity is determined. Once the security incident is fully understood, we swiftly contain the breach to prevent further contamination.

Digital Forensics and Root Cause Analysis: We conduct thorough digital forensics and root cause investigations, which can bolster your data breach submissions to the ICO and facilitate remedial actions.

GDPR and ICO Submissions: TIEVA employs specialist toolsets to identify lost data and assists you in preparing and submitting a precise and timely ICO report.

Managed Detection & Response (MDR) and Cloud Extended Detection & Response (XDR) Services: We deploy both MDR and XDR services throughout the incident's duration to prevent additional breaches and mitigate data loss.

Consultancy and Security Incident Counselling: Our team provides guidance on navigating legal complexities and collaborates with your cyber insurer to ensure that breach-related costs are covered by your policy.

Don't face a data breach alone – let TIEVA's cyber security and resilience experts guide you through the process and help safeguard your organisation's future.

To get started simply complete the form below and one of our advisors will be able to assist.