
What To Do After A Data Breach: Best Practices

Data breaches are one of the most dangerous things a modern business has to face. Even the best security defenses are vulnerable to a single mistake in the system. Once that happens, hackers and malicious actors strike fast. When data is being breached, it’s vital to act fast and minimize the damage.

Whether the breach affects a single computer or the whole network, there are a few things you need to do right after it happens. These steps ensure that, while the damage is done, it won’t completely derail future plans. Treat the breach as a cautionary tale for future encounters, and plug any holes it left.

Essential Practices for Post-Data Breach

All of these practices should be done in quick succession, or in some cases, simultaneously. The key to all of this is speed.

Notify Your Banks Immediately

This is absolutely the first thing you should do the moment you notice a data breach. Freeze all of your bank accounts if you still have access to them, and regardless, contact all of your banks. Whenever a data breach occurs, the attacker is almost always after the device owner’s bank information first, then other vulnerable data.

Money is the most immediate concern, primarily because it’s the most obvious target, and banks are also the quickest to respond to this kind of claim. Banks have a lot to lose by letting the money they have responsibility over get stolen. Ask them to reset any passwords once the account has been frozen.

Get Your IT Team Together Quickly

If the data breach occurred during working hours and you were the first to notice, then it’s absolutely important for your IT team to know the news immediately. They will know what to do more than anybody else. They can walk you through any emergency contingency plans that have been put in place. If the IT team already knows, make sure they’re shoring up cyber defenses quickly.

A rule of thumb in good compliance risk management is to always trust the expert. When it comes to cybersecurity, it’s very important to not go on “instinct” if you aren’t an expert yourself. Too many managers or owners feel they know more than the people they hired. 

Notify Friends and Family

Once your funds are secured, start notifying your friends and family about the data breach. The hacker may have started sharing private information and pretending to be you to gain some sort of benefit, whether that’s insider information or just money. Friends and family are vulnerable to this because the layperson isn’t tech-savvy enough to notice account imposters.

It’s also good to check on friends and family anyway because you can get some clues as to what the hacker was after. This could help in narrowing down the suspects once the proper authorities have been contacted. Meanwhile, this also gives your IT team one less thing to worry about, privacy-wise.

Change All Passwords

If you still have access to accounts, immediately start changing all the passwords. If any accounts don’t have two-factor authentication, then now is a great time to enable it wherever it’s available. 2FA isn’t nearly as widespread as it should be due to carelessness. However, having two locks to unlock is a strong form of protection in its own right.

When changing passwords, don’t use passwords that are similar to the old ones. Follow the usual etiquette of at least one uppercase, one lowercase, one number, and one symbol, then make it lengthy. Strong passwords are a great defense but many people don’t understand what a strong password actually is. Something like “B@nana1” simply won’t cut it.
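The checks described above, sketched as an added Python example that is not part of the original article. The 12-character minimum, the 0.6 similarity threshold and the character-substitution table are assumptions, since the article only says "lengthy" and "similar".

```python
import difflib
import string

MIN_LENGTH = 12        # assumption: the article gives no number for "lengthy"
MAX_SIMILARITY = 0.6   # assumption: a ratio above this counts as "similar"

# Assumed table of common character swaps, so that "B@nana1" and "banana"
# are compared as the near-identical strings they really are.
SWAPS = str.maketrans("@4301!$5", "aaeoiiss")


def normalise(password):
    """Lowercase, undo common swaps, and keep only the letters."""
    folded = password.lower().translate(SWAPS)
    return "".join(ch for ch in folded if ch.isalpha())


def similarity(old, new):
    """Return a 0..1 score for how much of the old password survives in the new."""
    return difflib.SequenceMatcher(None, normalise(old), normalise(new)).ratio()


def check_password(new, old=None):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not any(c.isupper() for c in new):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in new):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in new):
        problems.append("no number")
    if not any(c in string.punctuation for c in new):
        problems.append("no symbol")
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if old is not None and similarity(old, new) > MAX_SIMILARITY:
        problems.append("too similar to old password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    print(check_password("B@nana1"))                        # all four classes, still fails
    print(check_password("B@nana2024!!", old="Banana1"))    # long enough, but a variant
    print(check_password("Tr0ub4dor&Zebra-Kite", old="Banana1"))
```

“B@nana1” satisfies all four character-class rules and is rejected only on length, which is why the composition rules alone are not a measure of strength.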

Start Saving Data

Whether the breach is ongoing or the damage has been done, back up any and all important data still available. If it’s ongoing, make sure that any existing backups are stored somewhere with no risk of attack. Back up everything to an external hard drive for maximum security, as cloud storage could very easily be accessed by attackers who have already succeeded once.

Even hackers take a bit of time to gather everything and do the damage they intend to do. That’s why you should beat them to as much of the data as possible. Even if it’s breached data, making sure you have records for posterity is still very important. It makes investigations in the future go faster. This is especially important if your backups aren’t as up-to-date as you wanted.


This is about the extent of what you can do immediately after a data breach. Everything else such as notifying authorities and mass restructuring is a different thing entirely. In truth, it’s more important to proactively mitigate the risk of ransomware attacks by being prepared. Make sure an attack doesn’t happen in the first place and it means a lot less running around plugging leaks.