Data Breach Response Guide: What to Do During and After One

Data breaches represent the greatest threat to your business. In this data breach response guide, you’ll learn how to respond to a breach as it’s happening and how to react after one. But what is a data breach?

The Federal Trade Commission (FTC) defines a data breach as any unauthorized acquisition, release, or access to information that could put sensitive information in an untrusted environment, such as the public eye.

According to IBM, the costs of data breaches have reached a record high. In 2024, the average cost of a data breach globally reached $4.88 million, continuing a trend that has gone unabated for several years.

Data breaches can occur through paper or digital documents. With that in mind, here’s how to prepare for an attack, what to do during a breach, and your data breach recovery process.

The Impact of a Data Breach on Companies

Data breaches are often quantified in dollars, but the impact of a successful company data breach extends much further than the initial monetary costs. Digital and physical data can serve as touchpaper that destroys your business.

According to Verizon, 60% of businesses that suffer a successful breach go out of business within six months. It’s not the initial cost but the combination of reputational damage, loss of trust, and legal problems that causes these firms to shutter forever.

Financial and Legal Ramifications

In the beginning, the damage of a data breach is confined to the immediate costs to your business. This could result in lost business and regulatory fines, but the financial costs also extend to lawsuits.

Here’s a rundown of what this looks like:

  • Regulatory Fines – Regulatory fines are usually levied per violation, not breach. For example, the General Data Protection Regulation (GDPR) framework mandates up to 20 million Euros in fines or 4% of global annual turnover, whichever is greater.
  • Legal Fees – Responding to a data breach usually means lawyering up to confront investigations and potential lawsuits. It’s not unheard of for businesses to spend six figures on their immediate defense.
  • Lawsuits – Impacted parties, including customers, may file lawsuits against your company for not protecting their data. Huge class action lawsuits could easily lead to settlements worth millions.

It’s also worth mentioning that triggering your initial cyber breach response almost certainly means tracing the damage and rectifying your vulnerabilities with the help of a skilled professional. The costs of recovery alone can act as a drag on your business’s finances for years.

Loss of Customer Trust and Brand Damage

Customers are hyperaware of data privacy and have shown themselves unwilling to do business with companies that fail to protect their data. And there’s no evidence to show that they care whose fault it is.

For example, Target’s data breach over ten years ago resulted in the information of 110 million customers being accessed. In the aftermath, it was concluded that company sales fell by 4%, with profits falling by 50% as customers shopped elsewhere.

Customers are protective of their data and won’t accept doing business with a brand that can’t protect it. According to one study, 66% of U.S. consumers said they wouldn’t trust a company that falls victim to a data breach. Additionally, 44% of people said cyber incidents are primarily due to a company’s lack of security measures.

Paper Data Vulnerabilities and Shredding

Most breaches that make the headlines these days focus on cyberattacks. However, a company data breach doesn’t need to be cyber by nature. Paper documents can also form the basis of a significant data breach.

It can be as simple as the recycled remains of shredded documents being put back together again by dumpster divers. Alternatively, an employee might leave a pile of documents in a bathroom or on a table in a restaurant somewhere.

That’s why your data breach response policy must factor in physical documentation to avoid leaving yourself vulnerable through this popular attack vector. Secure document shredding is one aspect that should be incorporated into any ironclad data protection policy.

Being Prepared Before a Cyber Breach Happens

Is your business prepared for a cyber breach, and what will you do if the worst happens?

Despite the known risks, most organizations are wholly unprepared for a data breach. According to Risk & Insurance, 68% of business executives who responded to a survey said they were concerned or extremely concerned about their preparedness for a cyberattack.

The best way to defend your firm from an attack is to be prepared for it. With the impact of data breaches on companies being so substantial, preparing yourself now is the best investment in your future.

Risk Assessment and Data Inventory

Begin by getting an overview of your organization’s current makeup. Enlist your IT team and the heads of each department to create an inventory of where your data is and what you have. This should include investigating both physical and digital data. Additionally, once data has been sourced, a risk assessment should analyze how vulnerable this data is.

Mapping out your company’s data ecosystem lets you know where your vulnerabilities lie and where to direct your efforts.

Secure Paper Records With Shredding Services

Paper documents are involved in an alarming number of data breaches. Exposure could come from outside, but it could also come from insiders, such as disgruntled employees. The best way to secure your paper records is by partnering with a secure shredding provider.

Focus on securing paper documents containing sensitive data under lock and key and outline who is responsible for access. Moreover, there should be a clearly defined retention policy in place that ensures documents are kept and then immediately shredded when they reach the end of their lifecycle.

Regular shredding reduces the odds of falling victim to a data breach and enables you to stay on top of everything you’ve got in your records.

Employee Training and Cybersecurity Protocols

Human error is by far the most significant factor in successful data breaches. According to a study conducted by Stanford University, up to 88% of data breaches are the result of human error.

Regular training on cybersecurity best practices is critical. Examples include:

  • The need to create strong passwords.
  • The importance of access controls.
  • What to do if you detect suspicious behavior.
  • The most common types of attacks and how to prevent them.

You don’t need to be a cybersecurity expert to benefit from this training. For example, more than 94% of organizations reported email security incidents in 2023, illustrating how basic knowledge can avert a colossal proportion of attempted attacks.

All new hires should receive training. In addition, existing staff should be retrained at least once a year, focusing on any brand-new threats that have emerged.

What to Do During a Company Data Breach

Understand that a response to a breach is time-sensitive because more of your assets will be exposed unless you isolate and contain the breach. Quick action as part of your employee data breach response guide reduces the damage and stops an attack in its tracks.

But what does that actually look like? Here’s your data breach response plan for attacks that are already in progress.

Contain and Isolate the Breach

The first step is to contain and isolate the breach. Disconnect all connected systems, devices, and networks from their respective access points. The act of disconnecting everything limits the attack scope, especially if you’re unaware of whether the attack is internal or external. Fail to act quickly and data loss will only increase.

Your IT team must leap into action to collect evidence relating to the breach and track it down to where it originated. They’ll identify which systems have been compromised and then isolate them. Any information collected during this time is vital for your recovery using cyber forensic analysis later.

In the meantime, your team should restrict access to critical systems. Only those who require it should have access. Opting for a zero-tolerance approach stops cyberattackers if they’re attempting to use employee credentials to get through.

After the initial fire has been put out, it’s time to reset all passwords and seek professional help to begin your recovery.

Notify Internal Teams and Legal Counsel

Following a data breach, it’s time to communicate. Any data breach response plan template must include a list of relevant parties that should be notified, preferably in order of priority.

Here are the main parties to inform:

  • Internal Teams – Everyone within your organization should be aware that an incident has occurred and what it will mean for them, such as the temporary suspension of projects and new post-breach protocols.
  • Legal Counsel – Every data breach has potential legal ramifications. Inform your legal counsel about what happened and let them advise you on how to proceed.
  • Regulatory Bodies – Depending on your industry, you may have an obligation to report the breach to the relevant regulatory body. In some cases, this may also extend to law enforcement authorities.
  • Customers – Once you’ve carried out your legal duties, it’s time to go public about the data breach and what it means for your customers. It’s important to be factual without causing mass panic. Work with your HR team to craft and communicate a template message across all channels, including email and social media.
  • Third-Party Agencies – If your breach has impacted third-party agencies, be prepared to communicate with them. For example, if you’ve got sensitive data from a partner in your systems, you should inform your partner so that they can respond.

How you communicate is up to you, but what matters is that you must communicate promptly. Don’t cover up the data breach for weeks, hoping it will disappear. The sooner you respond, the less damage will be caused.

Paper Documents as Breach Vectors

Don’t discount the potential for paper documents to become breach vectors. Determining what to do during a data breach shouldn’t focus exclusively on cyber issues but also on whether a physical document could have been the cause.

For example, perhaps you didn’t shred your employee HR records, and somehow, someone used that paper documentation to commit identity theft. Investigate your paper documents with the same vigor as your digital data.

What Should a Company Do After a Data Breach

An effective data breach response plan is swift and initiates the recovery process as soon as possible. In all cases, the goal is to minimize the damage caused and to return to normal operations.

Here’s a data breach response guide for businesses worried about what to do after an initial breach.

Communication With Affected Parties

Transparent communication isn’t just a courtesy but a legal requirement. In many industries, you must report data breaches to the relevant regulatory bodies and law enforcement to comply with state and federal laws.

Another reason to communicate a breach quickly is that it gives affected parties more time to protect themselves. Delaying disclosure of a detected data breach to stakeholders and the public potentially allows cyberattackers to continue their attacks beyond your company’s borders.

For example, if you were hacked and customer details were leaked, covering it up could mean those same attackers use those details to commit identity theft. Furthermore, they could use credentials from your partners to undermine their systems as well.

The quicker you communicate with all affected parties, the quicker they can take steps to protect themselves. Nobody will ever be happy to hear of a data breach, but people will be grateful that you gave them the heads-up.

Implement Enhanced Security Measures

During a data breach, your IT team should have discovered the attack vector and the entry point for the attacker. Uncovering as many details about the attack as possible gives you more information to act upon later when strengthening your existing security measures.

In the aftermath of an attack, it’s critical to review your internal policies to examine whether any gaps could have directly caused or contributed to the incident. Updating your security measures reduces the chances of the same incident happening again.

It’s also a great time to update your incident response plan. Effective incident response plans cover every base, including all types of attacks and every vector. If these plans are unclear, or your response plan didn’t go smoothly, it indicates they require another look.

Don’t discount the impact of dedicated personnel in implementing enhanced security measures. An increasing number of businesses are appointing Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to lead the charge in cybersecurity.

This makes sense because IT teams have their responsibilities spread across multiple functions. Appointing someone to one of these positions means you’ve got someone focused solely on data protection.

Auditing Paper and Digital Data Handling

How does your company handle data? An audit of this category focuses on who handles data, how it’s handled, and whether any gaping chasms could increase the chances of a data breach occurring.

Here are the basic steps to follow when auditing your data handling:

  1. Plan – Plan your audit and define its scope and objectives. For example, perhaps you want to focus on access controls relating to paper documents because you’re concerned that the data breach was paper-based.
  2. Analyze – Analyze your current data handling procedures and their effectiveness. It’s also worth taking the time to audit compliance and who’s responsible for enforcing said policies.
  3. Weaknesses – Perform a comprehensive analysis of the strengths and weaknesses of your previous data handling procedures. For example, perhaps you find that you’ve got a lack of verifiable access controls, or you’re not sticking to a dedicated retention and destruction schedule.
  4. Actions – Recommend corrective actions. Corrective action plans may be formed by someone in your internal team. Still, it’s recommended that you invest in a third-party cybersecurity company to come in and provide an objective review of your operations.
  5. Reflect – The final step is to return to your data handling procedures later and review the impact your corrective actions have had on your data security procedures. Are there any additional changes that are needed?

Note that these steps should be performed and repeated for both digital and paper-based documents. Too many companies focus their data handling audits on the digital side without thinking about their physical documentation. It’s also something that should be repeated at least once a year to keep your defenses sharp.

Have a Data Breach Response Plan and Expedite Recovery With Corodata

Establishing an updated data breach response plan is the cornerstone of preparing your company for the realities of a data breach. However, we understand that even the most prominent companies can eventually fall victim to an attack.

At Corodata, our storage services enable you to “reset” your business and ensure critical information isn’t lost forever. Moreover, our secure shredding services mitigate the paper document attack vector, ensuring your company is well-protected against even the most sophisticated attacks.

To learn more about offsite storage solutions and protecting your valuable data, contact Corodata today.