After a Data Breach: What Not to Do

By William Vogeler, Esq. on July 11, 2017 | Last updated on March 21, 2019

What should you do immediately after a data breach? 1) Erase your browser history. 2) Go out for a few drinks. 3) Look for a new job.

Just kidding. But seriously, there are some common mistakes people make after discovering a data breach. Here are a few things not to do:

Don't Panic

Alright, maybe panic a little. But your first call should be to your IT specialist, then let that person worry about fixing the breach. Your job is to manage the situation and follow up.

Your next call should be to your lawyer -- even if you are the company lawyer. This call is about an indepedent investigation, attorney-client privilege and damage control because data breaches can come from anywhere.

"Sometimes these issues can get away from you if, at the outset, you haven't identified what needle you're going to look for in the haystack," said Valecia McDowell, a member at Moore & Van Allen.

Don't Bury It

Too often, a company will bury its heads in the sand and hope the problem goes away. In a viral world, this is not a good idea.

"You'll want to communicate with staffers, vendors, and customers to let everyone know what has been accessed, what you did to remedy the situation, and what plans you intend to take to ensure no similar attacks occur in the future," says PC Review.

It's easier to control the message when you notify others about a data breach, rather than waiting for someone else to spill the beans. And don't spin the story.

Don't Forget It

Once the situation is under control, businesses naturally want to move on. But hackers can come back, especially if they have left some back door open.

"Staying diligent and monitoring more aggressively is an important step until you're sure the organization is in the clear," says Mark Nunnikhoven at Trend Micro.

Companies should treat the data breach response as a working plan against future attacks. It should be updated as the organization evolves.

Related Resources:

Copied to clipboard