Dealing with a business breach

The Cyber Helpline is a service for individuals and sole traders only. If your business has experienced a security incident then you will need to seek help elsewhere. If you are a sole trader, but we have identified your issue as a business breach, use the chatbot (which will have popped up again) to contact our human helpline. The option for getting more help is after the feedback questions.

While we do not support business breaches, you can use the information below to help you understand your potential options. There are a wide range of ways a business can experience a security incident and different levels of complexity - we highly recommend you seek the right legal and technical help as soon as possible.

Approaches to dealing with a business breach

Some important steps and considerations for dealing with a breach. Note these are not necessarily in chronological order or in order of importance.

  1. Report it internally - It is very important to note that your organisation will likely have an Information Security Policy which outlines how to report a security incident. If you are not responsible for IT or security at your organisation you should report this internally ASAP. Your organisation will have a plan to handle the breach ands be thankful that you highlighted the issue as soon as you could. Hiding an issue is only likely to make it worse.

  2. Follow your incident response plan or seek help from experts - if you are a larger business with an incident response plan then time to seek it out and follow it. If you are a smaller business with no plan, or IT/security team, then you are likely going to need the help of an expert who can help.

  3. Work to identify the issue and investigate - the first step after realising you have an issue is to understand it. You may have been notified by an external source about a breach of your systems, your monitoring may have picked up an issue or you may be experiencing issues first hand with your IT estate - regardless you need to understand the extent of the issue, the impacted systems and data so that you can pull together a plan.

  4. Contain the issue - the focus of this stage is to stop the spread of the issue and limit damage to impacted devices and systems. A key focus here is protecting and keeping available critical systems and determining the status of impacted systems.

  5. Seek legal advice - once you know the extent of the breach you are going to need advice on what your legal and regulatory obligations are. For example if you you have had a breach of personal data then under the General Data Protection Regulation you will need to report to the Information Commissioner’s Office within 72 hours of becoming aware of the breach. If there is a high risk the impacted data will highly affect the individuals involved then you will also have to notify them.

  6. Check your insurance - if you have cyber security insurance - or other insurance that may cover your issue - then notify your insurer. They may provide specialist help and will help you with what they will cover as part of the policy.

  7. Eradication - this is actually removing or shutting down the issue and recovering to a safe environment. First step will be restoring systems using back-up and any other contingency plans you have. Next you will want to validate that your systems are clean and operational.

  8. Learning - once you are back to normal it is important to take the time to learn from your experience. What additional defences do you need? What changes do you need to make to your incident response plan? What external relationships do you need in place to help you in future?

Where can you get help if your company has been hacked?

  • Cyber security firms - there are many specialist cyber security incident response firms - or wider IT security firms that have an incident response practice. Check with your current suppliers what capability they have or seek a reputable firm who can help.

  • IT support organisations - for simple issues many IT services firms may be able to help. If you already have an IT support contract in place then they may have some expertise. However, be aware that cyber security is a specialist issue and if your reputation and customers are on the line then you will want a specialist.

  • The police - when you report a cyber crime to Action Fraud you may be able to get some immediate guidance on the phone or from a cyber crime team if resources have been allocated to your case.

  • Your insurer - As above, it is worth checking with your insurer whether you have a policy that may help. If so, you may have access to specialist skills and funding to help you respond.

  • Your lawyer - Lawyers can help you navigate your legal and regulatory responsibilities. They may also have experience around incident response and have relationships with specialist cyber security firms who can help.

  • Your PR firm - good communication is a huge part of minimising the impact of a breach. If you have internal PR expertise then engage it on your breach communication plan. If you don’t, it is worth considering getting some outside help for the duration of the breach.

Reporting a business cyber security breach

Typically you have to report a breach if a crime has been committed, personal data has been exposed or you are required to do so by a regulator.

  • Action Fraud - if you are reporting fraud or cyber crime you report to Action Fraud. You can do this online or by calling 0300 123 2040. For urgent issues it is best to call.

  • National Cyber Security Centre - you can report cyber security breaches to the National Cyber Security Centre. This is typically just to let them know about the breach or to seek expert technical support.

  • Information Commissioner’s Office - there are certain incidents that must be reported to the Information Commissioner’s Office. For most this will be for a personal data breach under GDPR, however, this also covers PECR, NIS Directive and eIDAS regulation.

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.