Data Breach – What next?

In past blogs I have talked about what sort of dangers lurk in the cyber world, and what we can do to try to minimise the risk. However, despite our best efforts what should we do if something does happen and our data or systems are compromised?


Here’s a few tips:

  1. Act quickly.
  2. Appoint someone to investigate all aspects of the breach and manage all involved in identifying the implications and restoring sanity.
  3. Establish the facts.
  4. Contain the vulnerability that caused the incident.
  5. Manage your communications – both internally and if needed, externally.
  6. Consider if regulators need informing – and generally, the sooner the better.
  7. Notify all those affected – clients, suppliers, employees.
  8. Issue guidance in areas such as password resets and other areas of risk reduction.
  9. Prepare a plan for managing complaints, claims and responses.
  10. Consider action against any third parties who may have failed in their duty to you.


Hopefully the impact of a security breach will not need all of the above, but in these days of ubiquitous use of the internet the incidence of planned, careless or malicious cyber-attacks becomes bigger by the day.


The impact to your business can be severe, and so like it or not you should develop well thought through policies around prevention and reaction.


My next blog will cover some proactive risk reduction measures you can take, and if you’d like an advance preview, do please send me a secure email.


Martyn Best is founder and CEO of Document Direct, the insourced typing and transcription agency who manage the safe creation of around 30,000 documents per month in the legal and professional sectors.  e-mail:


To read more of Martyn’s blogs, click here.