Steps towards recovering from a data protection breach
Unfortunately, quite often we see the best way to force a company to prioritise cyber security is to experience a breach. That makes an organisation think about their policies and update their security programmes at a much faster rate.
At the recent Cyber Security Seminars held across the UK, Robert Walters and a panel of experts from the industry discussed some key easy ways to help your company recover faster after a security breach.
Responding to a breach
When responding to a breach, management needs to remember it is not just an "incident response" but a "cyber incident response". This means there are more steps that need to go into the recovery, so all stakeholders including staff and clients understand fully what happened. Making a full recovery, and retaining goodwill with staff and customers depends on this.
The response is just as important as learning how it happened and how to prevent it from happening again.
Key steps to a successful recovery
- Contain it
- Understand it
- Understand where you are as a company after it
- Start a remediation path
Stay positive and proactive
The organisation needs to create value of the breach or use the experience as a tool for turning the company around and becoming more proactive when it comes to cyber security.
Its not all just about simply looking at the problem right in front of you. You need to set a vision and take a positive stance following the breach.
Sharing details about a breach
Many companies are nervous to share information after a cyber security attack. Giving such information out you are letting the world know that you were breached, which in turn can tarnish the image of the company.
In the US there is a better system around information sharing and they understand information sharing is vital to understanding where threats lie and how to stop them.
The panellists agreed that being open and up front about a breach will benefit the company in the long term - and help retain brand image and customer satisfaction. People dont want to feel like they are tricked or kept in the dark about things. Customers are more and more tech savvy and can see through a veiled cover-up.
At the very least, an organisation needs someone who understands the technical aspects to get the basics right from the offset, and who can explain it - even if minimally - to outside stakeholders. Its not all just about simply looking at the problem right in front of you. You need to set a vision and take a positive stance following the breach.
Read more information on cyber security and the other topics discussed at the seminars here.
Contact us for more information about future technology seminars, or to have a confidential discussion about any of your recruitment needs please contact: