4. Inform the authorities
Depending on the scale of the attack, you might have to inform the authorities of what has happened.
The Information Commissioner's Office (ICO) is responsible for the enforcement of the Data Protection Act 1998, so it will be able to offer help and guidance if the attack isn't down to negligence on the part of the business.
5. Consider reputation
Businesses holding a large amount of customer data will be the hardest hit. Maintaining customer confidence is crucial in this type of attack and a well-thought-out communications plan will be key. While it's easy for a business to think it is the main victim of the attack, the consequences can often be much worse for the customer.
It’s also worth noting that you’re well within your rights to request that information is taken down from social networks such as Reddit, Facebook and Twitter if it has been uploaded to these channels.
6. Stay vigilant
Once the attack has been resolved (as best it can be), businesses should fully audit their security policies and procedures, to avoid the same thing happening again.
An audit will identify any holes in your current security practices, assess whether procedures were robust enough and being correctly followed, as well as suggesting any areas for improvement, to help businesses stay ahead of any threats.
Cyber-crimes are now increasingly being reported in the press, following a series of high-profile attacks – awareness is undoubtedly growing, which can only be a good thing.
The aftermath of an attack can be a whirlwind, and extremely daunting for those who have not been the victim of an attack before. However, if the above steps are followed, and a calm and collected head is kept, consequences can be kept to a minimum.
Stephen Attree is managing partner at MLP Law.