Editorial

Data breach 101: How to avoid costly fallout

Want to avoid a data breach? Christine Sabino, senior associate at data breach solicitors, Hayes Connor, takes us through the risks that breaches pose to your business, and the best ways to avoid them

Posted 6 October 2020 by

A data breach is the leaking of personal or company data, which can be exposed through hackers or, most commonly, through human error. The real question is what risks does this pose for your company, and what can you do to mitigate the fallout?

Whether it’s a malicious employee stealing company data, or an innocent doctor mixing up medical records, a breach of this kind is entirely avoidable with the right processes in place. So, if you want to avoid a breach before your only hope is to claim compensation for a data protection breach, read on…

The risks of a data breach for your business

Data breaches may seem inconsequential, but they can have a huge fallout. Monetary costs are likely to be the biggest issues your company will face, but that’s not all! The risks to your business include:

• Sensitive company data that people can profit from being leaked
• Having credit cards and accounts hacked, and losing money along the way
• Being fined by the Information Commissioner’s Office (ICO)
• Legal trouble can ensue if customers decide to band together to take legal action
• Ruining your company name
• Losing customer loyalty, as many customers will avoid using companies after a data breach has occurred

Why is COVID-19 causing a greater risk of data breaches?

Our society relies on technology to thrive, but even more so during the COVID-19 era. This poses a huge threat to businesses.

With the speedy transition to working from home, businesses became more at risk, leaving client data open to theft. With the added changes in lifestyle due to everyone remaining in the house, alongside this, our current situation poses a minefield of threats to navigate.

Some of the lifestyle changes may be putting us all at greater risk of hackers, include:

• Many people were working from home using personal laptops, exposing company data to malware.
• Others were sent home with company laptops, but may have been using these PCs for their own personal use as well, further exposing company data.
• Using technology to communicate, including video software which is liable to hacking.
• Shopping online more so than before.
• The use of test and trace and eating out apps, which put all our data in the hands of more businesses than ever before.
• Becoming more susceptible to spam emails due to being at home all the time.

Top tips to avoid a data breach

As an employer and an employee, we each have a duty to protect our company and client data at all costs. Without putting in place these safeguards, especially during a time of high-risk, we’re opening ourselves up to the fallout.

So, what can companies do to mitigate this risk? These tips should help:

• Ensure you have a VPN, and that everyone in the company is using it
• Provide work laptops for remote working
• Update devices regularly
• Install malware software to tackle any viruses
• If work laptops aren’t available, pay for staff to install malware software on their devices
• Don’t use work laptops for anything personal, and vice versa if you can avoid it
• Make sure all devices go to sleep automatically after a certain amount of time unused
• Shred sensitive documents no longer in use, including receipts, bills, payslips etc.
• Use strong passwords
• Make sure as many devices and apps as possible use multi-authentication to log in
• Ensure all staff are trained on GDPR, recognising malicious emails, and the ways to handle company data
• Monitor all payment accounts regularly
• Use PayPal for any transactions with companies you are unsure about
• Use secure browsers, for example https:// sites
• Don’t share any business information outside of the company
• Contact the correct organisation if you note any suspicious activity
• Don’t overshare online

Have You experienced a breach of data?

We’ve now seen the measures you need to be putting in place to avoid a data breach in your business. That said, despite all these actions, cybersecurity issues may still occur. Therefore, it’s important you have a plan of action.

A breach of data may put a customer’s sensitive information at risk of poaching, but it may also be a little emotional for them. Because of this, they’ll be looking for you to own up to your mistake. So, the first course of action should be to make a public declaration of apology, using the press to help.

Once you’ve acknowledged the issue, you need to do everything you can to mitigate the fallout. So, hiring a solicitor should be your next step. They’ll be able to guide you on what steps to take to remove the risk and prepare you for potential legal battles to come.

So, have you got everything in place to avoid this fallout at all costs?