Can a data breach be a good thing?
This does seem at first glance to be an unlikely notion. Usually, when we think of a data breach, we think of reputations being damaged, with nothing enhanced.
However, when you think about it for a moment, there are benefits to be found and these should be seized upon.
An ‘incident’, which is any potential breach, needs to be recorded internally and investigated. Once a ‘failure’ or ‘weakness’ is made apparent, whilst it can be a shock, this should be welcomed as an opportunity for improvement. If you don’t know something is wrong, you can’t fix it. Once you know, something can be done about it.
Of course, doing a thorough audit and ensuring your processes and systems are as robust as possible is still essential, but sometimes, in spite of all the best practice being put into place, breaches still happen.
So how can this possibly be a good thing?
Imagine 15 wrong emails are sent in 1 month – this is likely to be an indication that something more serious could or might already be happening. IT may be asked to help mitigate the errors, or more specialist training may be required. Ignoring the incidents and doing nothing is not an option.
Companies need to foster an open blame-free culture to encourage staff to report. Human error remains one of the biggest causes of data breaches – if people try and cover things up, the problem is only likely to get worse.
This kind of culture and proactive, positive approach to ‘incidents’ will reflect well on your organisation, should there be a serious breach. However, by taking any smaller incidents seriously, learning from them and acting upon them, this should minimize the chance of a serious breach happening.
We suggest you are proactive. Whilst you should have prepared and done everything possible to avoid an attack or a breach, it is wise to plan for what some see as inevitable. Remember that how you respond to attack is as important as how you plan to prevent one.
How you deal with any communications regarding the breach should be a key part of your response strategy. Make sure you have a PR plan prepared. Communicate, be transparent, involve senior leadership team in any announcements. Prioritise your customers. It is often bad PR that causes damage following a breach, almost as much as the breach itself.
If you require any assistance or further information, get in touch with Griffin House Consultancy today on 01673 885533 or email us at [email protected].
You can also sign up to our eBulletin for the latest developments in data protection, information governance and compliance.
Do you know when and how to report a data breach? Read our latest blog…