Three steps to respond to security breaches effectively

Many organisations may experience a security breach at some point. A security breach poses a significant risk to your organisation, so you must handle a breach seriously and immediately to minimise organisational damage. Further, each security breach response needs to be tailored to the circumstances and organisational environment of the incident.

The following steps can be followed with assistance from a cybersecurity expert to respond to the breach effectively and establish stronger controls for the future.

Contain the breach to minimise the damage

Containing a security breach will minimise its impact and subsequent organisational damage. The most effective measures to minimise organisational damage will depend on the security incident and your specific circumstances. Some examples of possible actions include:

  • temporarily blocking breached accounts to prevent further access to mailboxes and internal systems
  • resetting account passwords
  • disconnecting systems from the corporate environment to prevent the spread of a virus or ransomware
  • temporarily stopping payments where the receiving party has not confirmed invoice and bank account details
  • remotely disabling or wiping devices.

As you undertake action to contain the breach, you need to consider the impact these actions may have on your operations and existing evidence related to the breach.

Ensuring your organisation maintains business continuity is critical for its survival and will minimise reputational damage and loss of clients and revenue. Executing a previously defined and tested business continuity plan can help an organisation recover quickly.

Assess the breach to understand the impact and risk

The next step your organisation needs to take is to assess the breach by collecting and reviewing the available evidence of the breach. The suitability of evidence will differ based on the situation, but typical evidence that you may consider collecting includes:

  • logs related to log-in/log-off and user activity on impacted systems
  • logs from other systems where a breached account had access to the network
  • logs related to internet access points such as web and mail filters
  • laptops, workstations, tablets and mobile devices involved in the breach
  • logs regarding patch and antivirus management in the organisational environment.

Depending on the type of security breach, the collected evidence can be reviewed to fully understand the impact on the organisation and other impacted stakeholders. Evaluate the impact on the organisation and, if possible, start remediating the security breach through actions such as:

  • rebuilding systems from scratch after ensuring no critical business data will be lost in the process
  • restoring data from backups after verifying the backups are not impacted by the security breach
  • implementing new business processes.

Communicate with impacted stakeholders

Organisations covered by the Privacy Act must consider their reporting obligations under the Notifiable Data Breaches Scheme.

If the impacted information includes personally identifiable information (PII), evaluate the potential physical, psychological, emotional, financial, or reputational harm to affected individuals and, where possible, take action to remediate any risk of harm. If serious harm is still likely after remediation, the breach must be reported to the Privacy Commissioner and affected individuals within 30 days.

Even if your organisation is not legally required to disclose the security breach, it may be wise to do so as a precaution. Consider informing affected individuals as a measure to minimise organisational damage and increase trust with these parties.

Moving forward: Review the breach and establish stronger security measures

Organisations should always review the lessons learned from a security breach and understand how they are managing their security risk. Improvements to the organisational and IT environment, security awareness training, strengthening existing business processes, and reviewing outsourcing and governance arrangements can ensure the organisation isn’t exposed to a similar breach in the future.

If you’re concerned about your organisation’s data security or you’re unsure how to respond in the event of a security breach, contact a Pitcher Partners specialist for further information and assistance.

This content is general commentary only and does not constitute advice. Before making any decision or taking any action in relation to the content, you should consult your professional advisor. To the maximum extent permitted by law, neither Pitcher Partners or its affiliated entities, nor any of our employees will be liable for any loss, damage, liability or claim whatsoever suffered or incurred arising directly or indirectly out of the use or reliance on the material contained in this content. Pitcher Partners is an association of independent firms. Pitcher Partners is a member of the global network of Baker Tilly International Limited, the members of which are separate and independent legal entities. Liability limited by a scheme approved under professional standards legislation.

Our experts

  • Andrew Beitz, Principal, Adelaide
  • Lene Tuiatua, Director, Brisbane
  • Rob McKie, Partner, Melbourne
  • Scott Edden, Partner, Newcastle and Hunter
  • Adam Irwin, COO / Partner, Sydney
