Navigating a Corporate Data Breach

Cybersecurity is not just a technical IT problem. As business people, we all have a role to play in protecting our companies and the data they store. Here are 6 things you should consider if your company has suffered a data breach.

Data breaches have existed for as long as companies have maintained confidential information and private records. They are now on the rise, however, striking fear into small and large companies alike. Data breaches are believed to be more common now than ever because of the sudden rise in the number of corporate entities switching to cloud computing to support remote work operations. A recent report by IBM supports this: it found that the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach.

Although instances of data breaches are on the rise, many companies do not have an action plan in place for when one occurs, largely because there is much confusion among corporations about data breach best practices. Thankfully, there are expert-approved guidelines every business can and should refer to when they come face to face with a data breach.

Step #1 Confirmation

As a corporation, the first thing you should do is confirm that a data breach has actually occurred. Remember, an email stating that there has been a breach is not enough to conclusively confirm that a real data breach did indeed occur. If you did receive such an email, do not reply, as it could be from scammers posing as the attacker to get your personal information. Your first step should always be to alert your breach task force so they can work on uncovering the source and extent of the breach.

Step #2 The Source and Extent

Ideally, you should have an intrusion detection and/or prevention system (IDS and IPS) in place that automatically logs security events for you. Using these logs, you should be able to track the source of the breach and see which files were accessed by the hacker. It is crucial to uncover this information as it informs your next steps. If you do not have IDS/IPS for your network, all is not lost; it just means that collecting the above information will take considerably more time and be more labor-intensive for your IT team. In addition to uncovering the source, it is also crucial to uncover what exactly was breached at this step. If personal data was breached, it is important to remember that your customers/clients or employees are at serious risk for identity theft.
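As an added illustration of the log review described above (not part of the original article), the Python example below groups logged events by external source address and lists the accounts used and the files each source read. The key=value log format, the 10.0.0.0/8 internal range and all sample lines are constructed assumptions; a real IDS/IPS export needs its own parser.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample events in a made-up key=value format (not a real IDS product's output).
SAMPLE_LOG = """\
2024-03-02T01:14:07Z src=10.0.4.12 user=jsmith action=read path=/hr/handbook.pdf
2024-03-02T01:15:44Z src=203.0.113.45 user=svc_backup action=login_fail path=-
2024-03-02T01:15:52Z src=203.0.113.45 user=svc_backup action=login_ok path=-
2024-03-02T01:17:03Z src=203.0.113.45 user=svc_backup action=read path=/finance/payroll.csv
2024-03-02T01:17:30Z src=203.0.113.45 user=svc_backup action=read path=/hr/employees.xlsx
2024-03-02T01:19:10Z src=10.0.4.12 user=jsmith action=read path=/finance/payroll.csv
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+)$"
)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range


def summarize_external_access(log_text, internal_net=INTERNAL_NET):
    """Group events by external source: time window, accounts used, files read."""
    report = defaultdict(lambda: {"first": None, "last": None,
                                  "users": set(), "files": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not a valid IP address
        if src in internal_net:
            continue  # internal traffic is out of scope for this triage
        entry = report[str(src)]
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]  # assumes the log is in chronological order
        entry["users"].add(m["user"])
        if m["action"] == "read":
            entry["files"].add(m["path"])
    return dict(report)


if __name__ == "__main__":
    for src, info in summarize_external_access(SAMPLE_LOG).items():
        print(src, info["first"], info["last"], sorted(info["users"]), sorted(info["files"]))
```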

The Most Common Types of Data Breaches:

There are numerous types of data breaches corporations should be aware of to safeguard their data, the most common being ransomware, XSS attacks, man-in-the-middle attacks, and SQL injection attacks.

Ransomware is a specific type of malware that blocks authorized user access to data systems and files. Corporations that experience ransomware attacks will usually be asked for ‘ransom’ by hackers to regain control and access to their data. The most common form of a ransomware attack is known as a locker ransomware attack. Here, a user will be locked out of their computer after opening a file or link that was infected with malware.

Cross-site scripting (XSS) attacks have become one of the most widely used types of data breaches in recent years. This type of attack occurs when a cyber-attacker inserts a malicious script into a specific webpage’s HTML body. When a user accesses the infected webpage, the malicious script can then be executed in the web user’s browser. This gives the attacker direct access to the victim’s browser and its data.

Man-in-the-middle attacks involve a cyber-attacker intercepting communication between two parties to gain access to information such as logins, key dates, file locations, and more. In 2018, MITM attempts were associated with 35% of all security exploits, making them one of the more common data breaches organizations are advised to protect themselves against. Researchers have also identified vulnerabilities in 3G, 4G, and 5G wireless networks that are often exploited in this type of data breach attack.

SQL, or Structured Query Language, is a programming language commonly used for web-based data management systems. In a SQL injection attack, a hacker gains control over a web database to tamper with its contents. Since this is a type of data breach in which a cyber attacker can exert complete control over a web-based application, some hackers will also utilize this attack type to destroy a data system entirely.

It is crucial to identify the type of data breach your corporation experienced as this informs your security fix.

Step #3 Test your Security Fix

After encountering, identifying, and assessing the type of data breach, your IT team will then work to implement a short-term security fix to prevent any further outside access to company data. Immediately after implementing this fix, your team should then test this fix thoroughly to guarantee that the attacker cannot use the same method to attack your company again. This kind of penetration testing should be repeated for all your company’s servers to make sure the same vulnerability that led to the breach does not exist elsewhere.
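To make the fix-then-retest step concrete for the SQL injection case described earlier, here is an added example (not from the original article) that shows a vulnerable lookup, its corrected form using a bound parameter, and a retest that replays the breach input against both. The table, rows, function names and the breach input are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice@example.com", "4242"),
        (2, "bob@example.com", "1881"),
    ])
    return db


def lookup_vulnerable(db, email):
    # Pre-fix behaviour: user input is concatenated into the SQL text,
    # so input containing a quote changes the structure of the query.
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_fixed(db, email):
    # Fix: a bound parameter is always treated as data, never as SQL.
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


def retest(lookup):
    """Replay the input that caused the breach; True means the fix holds."""
    db = make_db()
    breach_input = "nobody@example.com' OR '1'='1"  # constructed sample input
    leaked = lookup(db, breach_input)
    normal = lookup(db, "alice@example.com")
    # The fix holds only if the breach input returns nothing
    # and a legitimate lookup still works.
    return leaked == [] and normal == [("alice@example.com", "4242")]


if __name__ == "__main__":
    print("vulnerable lookup passes retest:", retest(lookup_vulnerable))
    print("fixed lookup passes retest:", retest(lookup_fixed))
```

Keeping the replayed input as a permanent regression test means the same check can be run against every other server and application that shares the code path.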

Step #4 Inform Authorities and Affected Customers

Once you have a fix in place and have tested its effectiveness, you will then need to reach out to any customers that may have been affected by the breach. Your company should also inform federal authorities of the breach as they may be able to provide you with crucial instructions for complying with post-breach regulatory standards for your industry.

How to Notify Customers:

While the specific approach you will take in notifying customers of a breach will depend on the type of breach your company experiences and the industry you are in, some elements should be considered across the board. These critical elements relate to time, information, and thoroughness.

  • Time: the sooner you can alert customers to a breach, the more time they will have to protect themselves from potential fraud.
  • Information: when communicating with affected customers, try to include some information about the nature and the extent of the breach in the notification. For example, if a customer’s information was compromised, inform them of what information was taken. To further assist your customers, include ‘next step’ actions they should take to protect themselves from identity theft.
  • Thoroughness: it is important to make sure that all affected parties are notified of the breach. To cover more ground, try using more than one communication channel to make sure your message reaches all affected parties.

Step #5 Remedying Loss in Consumer Confidence

It’s no secret that a data breach can have severe impacts well after the initial breach has been seen. The most common impact revolves around a loss of consumer confidence which needs to be addressed by taking actions that restore public trust. By neutralizing a breach quickly and minimizing the impact of the breach, a corporation can reduce the cost of a breach. It is important to realize though that the corporate road to recovery after a business breach can be a long one, not just a costly one.

Step #6 Being Proactive Against Future Risk

The final step in handling a data breach is never truly complete, as it revolves around the continuous monitoring of a business’s implemented security, as well as continuous education on the latest data threats penetrating the industry. During this ongoing step, businesses should periodically review how their current security system stands against new threats. It is also pivotal that IT teams test whether there is any room for improvement in security. Since cyber threats continuously evolve, it is crucial that a business’s security measures evolve as well; this way, businesses can always stay one step ahead of the latest threats.


When it comes to business data breaches, prevention is always better than dealing with the fallout. Unfortunately, prevention is becoming increasingly difficult to guarantee as hackers take advantage of weaknesses in new technology, which is being adopted at a rapid pace in response to the move towards a hybrid working environment. Thankfully, as outlined above, there are steps businesses can take to remedy damage and deal with the breach in the corporation’s and the public’s interest.