How not to handle a data breach

December 6 2018
  • Security

It’s not often that a week goes by these days without a company revealing news of a data breach involving its customers. Partly this is down to the implementation of new legislation, including GDPR, which means breaches have to be made public within a specific timescale. But this doesn’t mean that companies are going about disclosing breaches in the best way.

Online retailer Amazon sparked worries among its customers a couple of weeks ago [1] by sending out an email to some of them. This essentially said that there had been a disclosure of information, but that everything was all right and there was nothing to worry about. Naturally many people who received this found it less than reassuring.

By contrast, this week question and answer platform Quora revealed a breach that may have compromised its users. [2] It also emailed customers, but the message set out full details as to what information may have been leaked and when. The company also reset the passwords of all those customers who may have been affected by the breach.

Full disclosure

The difference between these approaches is clear. While Amazon left customers wondering what had happened and scrabbling around on internet forums to look for information, Quora’s full disclosure made it easy to understand the situation and what action they needed to take.

You can argue that these are very different organisations, but retailers who are likely to hold information about payment methods should be faster to reassure their customers when a breach takes place.

In the wake of any breach, customers of the affected firm are likely to become the target of phishing attacks. Any other accounts on which they may have used the same password also become vulnerable. Knowing what information has been leaked is therefore important to allow people to adequately protect themselves.

Doing it right

So, what should companies do when confronted with a data breach? The first thing is to ensure that you comply with the law. Under GDPR, breaches need to be reported to the ICO [3] within 72 hours of being discovered. Failure to do so will make you liable to a fine. It’s also important to notify affected individuals as soon as possible.

You need to understand what constitutes a reportable event too. According to the ICO, this can include the accidental deletion of data internally, for example, not just unauthorised disclosure to third parties.

The first step in preparing for a breach, however, actually needs to take place before it happens. Businesses need to conduct an audit of what data they hold. They also need to have a plan in place to handle a breach. Rather than firefighting the problem after it’s happened, if you have prepared in advance, know who is in charge of the situation and what steps need to be taken, you will be much better equipped to make an effective response.

Taking a step further back, it’s also worth looking at how your data is secured. Information such as passwords and payment card details needs to be encrypted so that even if it falls into the wrong hands, it can’t be used.

Making sure that login to your site is secure is essential too, for example by enforcing password rules so that there’s a minimum length and a variety of characters. In addition, many companies are turning to the use of multi-factor authentication systems to ensure that logins are safe even if a password is compromised.
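As an added illustration (not Cloudworks' code), the Python example below applies the two points above to passwords: it enforces a minimum length and character variety at registration and stores only a salted scrypt hash, a one-way function used here in place of reversible encryption, so a leaked record does not reveal the password. The 12-character minimum, the three-class rule, the record format and the scrypt cost parameters are assumptions, not values from the article.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12                            # assumed policy value
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1  # assumed cost parameters


def policy_violations(password: str) -> list:
    """Return the rules a candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    return problems


def make_record(password: str) -> str:
    """Build the string to store: parameters, per-user salt and scrypt digest."""
    if policy_violations(password):
        raise ValueError("password rejected by policy")
    salt = os.urandom(16)  # unique salt, so equal passwords give different records
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

Because the cost parameters are stored in each record, they can be raised later for new records without invalidating existing ones.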

There is a right way and a wrong way to deal with data breaches, but if you can, it’s better to ensure your data is properly protected in the first place.

Cloudworks can help prevent data breaches by protecting your identities and users. If you’d like to know more – please call us on 0115 824 8244 or email us at hello@cloudworks.co.uk

[1] https://betanews.com/2018/11/21/amazon-discloses-names-and-addreses/
[2] https://www.infosecurity-magazine.com/news/quora-breach-hits-100-million/
[3] https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
