How Your Company Can Recover from a Data Breach and Emerge Stronger Than Ever

Posted on August 28, 2020 - by Darren Gallop - in Building Your InfoSec Program


By the time you’re finished reading this article, six companies will be successfully breached by malicious programs. Four of those companies will not recover from the data breach, closing permanently within the next six months. Hackers will also release over 1,000 new malware programs onto the web. The Internet is a minefield for companies and you may one day find yourself the victim of a data breach. If that happens, you’ll need to act quickly to mitigate disaster. Here are six steps you must take immediately to maximize your chances of survival.

7 Steps to Take Immediately Following a Data Breach

According to IBM, the average total cost of a data breach hovers at a cool $3.86 million. Much of that cost occurs because many breaches aren’t caught or acted upon quickly. When it comes to a data breach, time is of the essence. Take these steps immediately to recover from a data breach. 

1. Confirm the Breach

According to one survey of SOC professionals, as many as 50 percent of breach reports are false positives – in other words, no breach happened at all. Investigating false positives can eat away a security team’s time and budget. Therefore, always have your security team confirm that a breach happened before assembling a task force. 

2. Assemble a Task Force to Handle the Situation

Assemble a team to handle the breach. This keeps all response and recovery efforts centralized. If you already have an incident response plan that includes defined roles for each member, that will help accelerate your response. (For Securicy customers, that could include contacting our team to assist your response.) 

3. Isolate Affected Machines and Accounts

If a virus has affected a particular machine, disconnect it from the network. You may also need to temporarily disable affected accounts or limit their permissions. Likewise, you may also need to isolate the segment of your network that has been affected. 

If you’ve disconnected the computer from the network (think Ethernet, Wi-Fi, even Bluetooth), don’t shut down the power to the device unless you’re directed to do so. Investigators may want to examine the machine first, while they try to figure out how the attack happened and how extensive the damage is.

Once you’ve contained the breach, you should also enact your business continuity plan to begin resuming normal operations.

4. Examine the Evidence

Once the breach is contained, preserve and examine the evidence. Take notes and create a timeline of events. At this point, you may need to contact law enforcement or the appropriate authorities. By keeping the evidence intact, you’ll have a much better chance of tracing the malicious actor.

5. Fix the Vulnerabilities

If the breach exploited a vulnerability in your system, now is the time to correct that and look for other possible vulnerabilities a future attack may exploit. This may include starting a cybersecurity awareness program or improving on the one you have by conducting simulated phishing exercises. 

6. Notify Affected Parties

Security breaches in which data loss took place often mean that companies are required by law to notify affected parties, usually within a given period. Don’t neglect this step. Failing to provide the proper notifications can further damage consumer trust and your company’s reputation, and can lead to costly fines.

7. Prevent Future Breaches

Your customers’ perception of your company must be one of stability and security. If you have suffered a breach, you must reassure them that you are taking corrective steps. You’ll want to demonstrate a strengthened security posture. Consider conducting a penetration test to identify additional parts of your application that need improvement. You may want to select a new security framework. This reassurance will help build their confidence in your business and help you regain their trust.

Get the Tools You Need to Recover from a Data Breach

If you want to maximize the chances that you’ll recover from a data breach, you must act quickly when it happens. Having an incident response plan and a business continuity plan in place can help with that. Strong security policies and procedures can also make prompt action easier. Give your company the tools it needs to respond to and emerge from the breach even stronger. 

Also think from your customer’s point of view. Would you want to do business with a company that does not take the necessary steps to secure customer data? By reestablishing your company as one that takes its security posture seriously, you position yourself in their minds as a reliable and trustworthy company. Trust between two parties is the glue that keeps deals together, so take the time to build that trust with them.



About the author

Darren Gallop is a tech entrepreneur, information security expert, Techstars alumnus, board member, and the CEO of Securicy. He co-founded Securicy and led the team to develop a SaaS product that guides businesses through creating, implementing, and managing their information security and privacy compliance program. Gallop previously co-founded Marcato and was CEO there for 10 years, until the successful event management software company was acquired by Patron Technology. He is fluent in English and French, and adept in Spanish. Gallop spends much of his non-work time traveling or engaging in the outdoors: swimming, fly fishing, canoeing, camping, and surfing (basically in that order). He is from Nova Scotia, Canada.