Data breach response best practices: How to avoid a ‘knee jerk’ reaction

Knowing how you’ll respond to a data breach goes hand in hand with the measures you are taking to avoid it happening in the first place.

With the threat of crippling fines hanging over every business, the need to follow – and be seen to follow – best practice is critical.


Don’t panic! How you can react to a data breach, calmly

The recent Facebook and Cambridge Analytica scandal has highlighted the value of data, but also the serious concerns of both the public and regulatory bodies when it comes to security and privacy.

All businesses need data – and it needs to be made available to partners and employees – to operate successfully. But now more than ever, there need to be assurances that it’s being held with integrity and shared safely.

GDPR is just one factor that has already prompted significant and necessary investment in cyber security, user awareness training and next generation technology.

But businesses can’t remove the possibility of an incident completely.

Good security and information governance should reduce the likelihood of a data breach, but also limit the damage when the ‘inevitable’ happens…


Pre-emptive testing and investment

Ok, so vulnerability scans, penetration testing activities and regular spot checks are obviously intended to reduce the likelihood of an incident happening in the first place.

But if you are taking robust steps to anticipate issues that may arise when transferring data, it will obviously help your case should you experience a dreaded cyber-attack.

Likewise, proactively deploying protection measures and rights management technologies is only going to be viewed positively. For example, Azure Information Protection can prevent documents being saved, forwarded or printed unless the document author or company policies allow it.

Preparing for the worst, taking steps to mitigate an attack, and documenting everything will make your life a lot more comfortable when you must produce your report in the event of a data breach.

Check out our Azure IP demonstration video for a deeper dive.

Incident response policies and strategies

Despite your investment in risk assessments, employee education and protective monitoring, your worst nightmare has happened.

Now you want to avoid a knee-jerk or delayed reaction – either of which is only likely to make the situation worse.

With clear incident response policies and procedures, you can ensure a calm, collected and measured response from your organisation.

For example, providing your team with a simple checklist can help them quickly locate the cause, make an objective assessment of the impact, and take the necessary actions to prevent any further damage.

If this document is missing – or creates any ambiguity – then your response will be inefficient, slow and probably inappropriate.

Who’s been affected? Who do I contact? How do I remedy vulnerabilities? You want to make sure the right questions are being asked – and answered – and that communication lines are clear.

The ICO offers a great document to get you started: ‘Guidance on data security breach management’.

‘What if’ scenarios

Providing checklists, or run books, for staff to manage flows of activity is just the first step in the right direction – you want to make sure they’ve had exposure and input beforehand.

Everybody on your team should be on-board with the process and ‘battle ready’ – and not just at the most senior level.

Work through ‘what if’ scenarios with everyone on your A, B and even C teams, so they are ready for any incident management requirements.

External support

‘What if’ scenarios are useful, but they can’t remove the human factor.

Your employees will inevitably have an emotional attachment to their areas of responsibility.

When an incident happens, they will be under extreme pressure and undoubtedly stressed, which could compromise their actions no matter how well prepared you think they may be.

By using a third party – particularly at the triage stage – you will gain an objective view of the situation. This offers you peace of mind that the right steps are being taken.

Oxford Computer Group offers a Cyber Incident Support Triage Service. Download our information sheet to discover how we can help gather evidence, assess the damage and put together a plan for recovery.


It’s not enough that you are taking the necessary precautions and making the necessary preparations in your business. It’s crucial that your suppliers assist you in meeting those standards – and that you can transfer liability where appropriate.

Demand it – and make sure it’s reflected in any contractual arrangements.

You don’t want to be liable for the actions they have or haven’t taken in the event of a data breach.

Make sure you’ve got proof and can gain compliance statements if or when you’ve been compromised.



One of the most important aspects of good security governance is the ability to react quickly and effectively.

If you put the steps in place and take the necessary precautions, you can rest easier than most knowing you can meet reporting obligations in a robust manner – and minimise the damage to your organisation in the process.

If you would like to know more about effective data management and good cyber security practices, why not watch our information governance webinar?

Alternatively, find out where your current security setup stands by using our cyber security assessment tool. We’ll send you a completed report detailing your strengths, weaknesses and where improvements can be made.