Be prepared - how to avoid a data breach and what to do if one does occur

The General Data Protection Regulation (GDPR) and equivalent UK data protection laws are looming, and as a result the spotlight is fixed firmly on protecting consumer rights and customer data. Put simply, once GDPR becomes law, businesses won’t be able to suffer a data breach without risking serious and lasting damage to their reputation.


Our IT support partners, PCM, know a lot more about the topic than us, so here’s their sage advice on how best to avoid a data breach, and what to do if one does occur.


In 2017 we’ve already seen hacks and cyber-attacks on Debenhams, Wonga, Three and the NHS. The WannaCry ransomware attack made global news due in part to the scale of organisations that were affected. But small and medium businesses are as much at risk as large enterprises.


Cisco’s 2017 edition of its annual cybersecurity report detailed the financial repercussions of a data breach:

  • 22% of breached organisations lost customers
    • 40% of them actually lost more than a fifth of their customer base.
  • 29% lost revenue
    • 38% of that group lost more than a fifth of their revenue
  • 23% of breached organisations lost business opportunities
    • 42% of them lost more than a fifth of such opportunities.


As cyber criminals become more sophisticated, security technology struggles to keep up, and smaller businesses are left at risk. Therefore, how can you handle a data breach to minimise the negative impact on your business and its reputation?


1: Make sure your technology is up to standard

As the saying goes, the best offence is a good defence.


Installing security programs, keeping your software up to date, and learning how to spot potential hacks are all relatively low-cost steps to take. The problem, though, can arise in maintaining your defences – especially when the pressures of your business’s bread and butter push such thoughts to the back of your mind.


Contracting an IT support company (like us!) removes this pressure and ensures your technology is kept secure. Not only should they be able to install the relevant software, run required updates, and take all the necessary steps to prevent viruses from infecting your networks and computers, but they should be able to train your staff to identify potential data risks.


2: Have a communications plan in place for data breaches

It’s better to be prepared and never have to use your communications plan than to be caught off-guard and get it wrong. Your communication plan should include:

  • An assessment of the data you hold, and the consequences if that data is illegally accessed
  • Details of the team(s) and spokesperson who will lead the company through the data breach
  • The legalities of what you are obliged to disclose and what you’re not
    • Public and private organisations will have different rules, and different types of data need handling differently
  • You will also need to make sure that when new legislation or laws are introduced, your plan takes these changes into account.


Word on the street is that there’s a small, but perfectly formed agency in Leeds called Source who can do this for you – give them a call on 0113 3801644 or drop them an e-mail –


3: Time Your Communications Right

It’s always best if news of a data breach comes from the affected business rather than being leaked to the media via another (often irate) source. But when you decide to make the breach public is important. Release the news too fast and you may not have all of the facts. Leave it too late and you look like you were trying to cover it up.


A good PR firm (such as Source!) will not only help you prepare your communications, press releases and stakeholder messaging in the event of a data breach, but will advise on who to inform and when, and monitor all coverage and content on your breach to ensure reputational and business damage is kept to a minimum.


4: Monitor customer sentiment across social media and the web

Everyone’s a judge in the world of social media. People can instantly add a negative comment or poor review about your business, product or service online and all of a sudden their connections see it and the negativity spreads.


During a crisis such as a data breach, monitor the responses from customers and the general public and respond where appropriate. All responses should be approved by the team detailed in the communications plan, and you should counsel employees to refrain from interacting with negative reviews from their personal profiles.


There’s no escaping the reality that a data breach can cost businesses lost revenue, lost customers and, less obviously, lead to increases in the operational costs of the business. How you prepare and how you subsequently respond in a time of crisis can help to reduce the impact of those costs – so be prepared!


PCM is an IT services company in Leeds to whom we outsource our IT support. The company provides full support on any IT issues and secure remote data backup. They also work with us on IT support, data protection and our collaboration software.

Written by Sarah Collett, PCM, 15/09/2017