
What to do in case of a data breach in your company

Monday morning, 8:30 a.m. An employee opens a mailbox and sees that a spreadsheet containing customer data has accidentally been sent to the wrong recipient. Or worse: a laptop turns out to have been stolen, without proper encryption. At that moment you don't want to be figuring out who is responsible or where the protocol was filed. You just want to know what to do in the event of a data breach, and preferably right away.

For many SMEs, a data breach is not a theoretical risk but a practical problem that suddenly lands on your plate. This is precisely why it helps to look not only at the rules, but above all at the first actions that bring calm, limit damage and provide clarity. A good response to a data breach starts not with paperwork, but with taking control.

What exactly is a data breach?

A data breach is broader than many organizations think. It's not just about hackers or ransomware. A misdirected e-mail, a lost USB stick, unintended access to personnel files or a misconfigured shared folder can also be a data breach. Once personal data is lost, unintentionally shared or accessed by people who shouldn't see it, you have a serious problem.

That is also what makes the question of what to do in the event of a data breach difficult from the outset. Not every incident has the same impact. A quotation sent without sensitive data requires something different than a file containing BSN numbers (Dutch citizen service numbers), medical information or salary data. So your approach must be quick, but not blind.

What to do in a data breach: the first hours count

The first step is simple: stop the leak if you still can. Revoke access rights, block accounts, take files offline, change passwords or take a device out of use. If an e-mail was sent in error, try to reach the recipient directly to ask them to delete the message and not distribute it further. That doesn't solve everything, but it can limit the damage.

Then you immediately record what happened. Not tomorrow, but right away. Record when the incident was discovered, what data is involved, how many people may have been affected, who had access and what actions have already been taken. This not only helps with the assessment, but also prevents you from having to make decisions later based on loose recollections.

Next, you determine internally who is in charge. In smaller organizations, this is often the management together with IT or the external IT partner. In larger organizations, a privacy officer, HR or legal support may be involved. The most important thing is that it is clear who is directing. In the event of a data breach, you don't want a meeting with ten opinions; you want a small team that decides quickly.

When should you report a data breach?

You don't have to report every incident, but you do have to assess every incident. That distinction is important. The question is whether the data breach poses a risk to the rights and freedoms of the affected individuals. Think of identity fraud, reputational damage, financial damage or unwanted disclosure of sensitive information.

If that risk is likely, you must report the data breach to the Personal Data Authority (the Dutch data protection authority, Autoriteit Persoonsgegevens). In many cases, you must do so within 72 hours of learning of the leak. That deadline is shorter than many companies think. Waiting until all the details are clear is usually not a good idea. You can often provide additional information later, but reporting too late is a separate problem.

Sometimes you also need to inform the affected people themselves. This is especially true if the leak is likely to pose a high risk to the people involved, for example if passwords, identity information, medical information or financial data have ended up in the wrong hands. That notification must be clear: no legal smoke screen, but simply an explanation of what happened, what the possible consequences are and what people can do themselves.
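The record the article asks you to keep (when discovered, what data, how many people, who had access, what has been done) and the two decisions that follow from it (report to the authority within 72 hours? inform the affected people?) fit naturally in a small incident register. The example below is an added illustration, not code from the article or from Lennmedia. The risk mapping is a deliberately simplified assumption: personal data that was encrypted and shows no evidence of access is treated as low risk, any of the categories the article calls high risk (passwords, identity information such as BSN, medical or financial data) is treated as high risk, and any other personal data as a likely risk. The incidents themselves are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Categories the article names as high risk for the people involved.
# BSN is the Dutch citizen service number. Treating exactly these categories
# as "high risk" is a simplified assumption for this example, not a legal rule.
HIGH_RISK_CATEGORIES = {"passwords", "identity", "bsn", "medical", "financial"}

# Reporting window the article mentions: 72 hours from learning of the leak.
REPORTING_WINDOW = timedelta(hours=72)


@dataclass
class IncidentRecord:
    """One entry in the incident register, with the fields the article lists."""
    discovered_at: datetime
    description: str
    data_categories: set            # empty set = business information only, no personal data
    affected_count: int
    who_had_access: list
    actions_taken: list = field(default_factory=list)
    encrypted: bool = False         # was the data protected, e.g. full disk encryption?
    evidence_of_access: bool = False  # actually accessed, or only potentially accessible?

    def reporting_deadline(self) -> datetime:
        """Latest moment to report to the authority if reporting is required."""
        return self.discovered_at + REPORTING_WINDOW

    def hours_remaining(self, now: datetime) -> float:
        """Hours left until the deadline (negative once it has passed)."""
        return (self.reporting_deadline() - now) / timedelta(hours=1)


def assess_risk(rec: IncidentRecord) -> str:
    """Classify the incident as 'none', 'low', 'likely' or 'high' risk (simplified model)."""
    if not rec.data_categories:
        return "none"       # no personal data involved
    if rec.encrypted and not rec.evidence_of_access:
        return "low"        # e.g. a lost laptop with full disk encryption
    if rec.data_categories & HIGH_RISK_CATEGORIES:
        return "high"       # passwords, identity, medical or financial data exposed
    return "likely"


def triage(rec: IncidentRecord) -> dict:
    """Turn the risk assessment into the two decisions the article describes."""
    risk = assess_risk(rec)
    return {
        "risk": risk,
        "report_to_authority": risk in ("likely", "high"),
        "notify_data_subjects": risk == "high",
        "deadline": rec.reporting_deadline(),
    }


# Constructed sample incidents (not real cases).
SPREADSHEET_INCIDENT = IncidentRecord(
    discovered_at=datetime(2024, 3, 4, 8, 30),
    description="customer spreadsheet e-mailed to the wrong recipient",
    data_categories={"contact"},
    affected_count=120,
    who_had_access=["external recipient"],
    actions_taken=["recipient asked to delete the message"],
    evidence_of_access=True,
)

LAPTOP_INCIDENT = IncidentRecord(
    discovered_at=datetime(2024, 3, 4, 9, 0),
    description="stolen laptop without disk encryption, salary files on disk",
    data_categories={"financial", "bsn"},
    affected_count=35,
    who_had_access=["unknown thief"],
    actions_taken=["account blocked", "remote wipe requested"],
    encrypted=False,
)

if __name__ == "__main__":
    for rec in (SPREADSHEET_INCIDENT, LAPTOP_INCIDENT):
        print(rec.description, "->", triage(rec))
```

The register deliberately stores facts (what, when, who, encrypted or not) separately from the conclusion, so the assessment can be rerun when the investigation turns up more than first assumed, which the article notes happens often.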

Facts first, then assumptions

When an incident occurs, there is often immediate unrest. Someone says that a mailbox has been hacked, another suspects that only a password has been guessed, and meanwhile everyone acts as if the cause is already established. That's risky. When assessing a data breach, you need facts.

Therefore, investigate specifically what happened. Which systems were affected? Was it personal data or just business information? Was the data encrypted? Is there evidence that files were actually accessed or only potentially accessible? That nuance matters. A lost laptop with full disk encryption is different from an unsecured laptop with open client files.

At the same time, be careful that the investigation does not become an excuse for inaction. In practice, investigation, communication and containment measures often run side by side. This is not sloppy, but realistic.

Practical mistakes that increase the damage

The biggest mistake is underestimation. Faced with a small incident, many organizations are quick to think: we will handle this internally. Sometimes that is right, but it often turns out that more data was involved than expected or that the log files tell a different story. Then you lose valuable time.

A second mistake is communicating too widely internally. When an incident immediately circulates in all sorts of group chats, mailboxes and meetings, noise is created. Information is shared incompletely, misinterpreted or accidentally spread further. So work with a limited incident group and clear reporting lines.

The third mistake is looking only at technology. Of course IT needs to figure out what went wrong, but a data breach is also a process and people issue. How did it occur? Was there an unclear workflow? Too many access rights? No two-factor authentication? Poor instruction for employees? Without that layer, you only address the symptom.

What do you do after the initial response?

Once the acute risk is under control, the part that many companies skip begins: structural improvement. That is precisely where the gain lies. A data breach is annoying, but also a sharp reality check. You suddenly see where the dependencies are, which systems are vulnerable and where processes in practice deviate from what is written on paper.

First, look at access management. Do employees have access only to what they really need? Are departures processed immediately? Are shared accounts still in use? In many SMB environments, there is more risk here than in sophisticated cyberattacks.

Next, review your basic security. Consider multifactor authentication, device encryption, secure backups, logging and up-to-date patches. This sounds familiar, but in practice the difference is often in the implementation. A measure that is only half implemented mainly gives a false sense of security.
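The access-management questions above (departed employees still active, shared accounts, access nobody uses anymore) and the basic-security checks (multifactor authentication, device encryption) can be answered with a routine audit over your account and device inventory rather than by asking around. The script below is an added example, not code from the article or from Lennmedia; the inventory rows are constructed sample data, and the field names (`owner`, `mfa`, `admin`, `last_login`, `disk_encrypted`) are assumptions about what an export from your directory, MDM or HR system would contain.

```python
from datetime import date

# Constructed sample inventory (not real data). In practice these rows come
# from your identity directory, device management tool and HR system.
ACCOUNTS = [
    {"user": "a.jansen",  "owner": "A. Jansen",   "enabled": True,  "mfa": True,  "admin": False, "last_login": date(2024, 3, 1)},
    {"user": "b.devries", "owner": "B. de Vries", "enabled": True,  "mfa": False, "admin": True,  "last_login": date(2024, 2, 28)},
    {"user": "reception", "owner": None,          "enabled": True,  "mfa": False, "admin": False, "last_login": date(2024, 3, 4)},
    {"user": "c.bakker",  "owner": "C. Bakker",   "enabled": True,  "mfa": True,  "admin": False, "last_login": date(2023, 9, 12)},
    {"user": "d.visser",  "owner": "D. Visser",   "enabled": False, "mfa": True,  "admin": False, "last_login": date(2023, 12, 20)},
]
DEVICES = [
    {"device": "LT-001", "user": "a.jansen",  "disk_encrypted": True},
    {"device": "LT-002", "user": "b.devries", "disk_encrypted": False},
    {"device": "LT-003", "user": "c.bakker",  "disk_encrypted": True},
]
DEPARTED = {"C. Bakker", "D. Visser"}   # from HR: people who have left
ADMIN_ALLOWLIST = {"a.jansen"}          # accounts that are supposed to hold admin rights


def audit_accounts(accounts, departed, admin_allowlist, today, stale_days=90):
    """Return (user, finding) pairs for the access-management risks the article names.

    Disabled accounts are skipped: they no longer grant access."""
    findings = []
    for acc in accounts:
        if not acc["enabled"]:
            continue
        if acc["owner"] in departed:
            findings.append((acc["user"], "departed employee still enabled"))
        if acc["owner"] is None:
            findings.append((acc["user"], "shared account without a named owner"))
        if not acc["mfa"]:
            findings.append((acc["user"], "no multifactor authentication"))
        if acc["admin"] and acc["user"] not in admin_allowlist:
            findings.append((acc["user"], "admin rights outside the allow list"))
        if (today - acc["last_login"]).days > stale_days:
            findings.append((acc["user"], f"no login for more than {stale_days} days"))
    return findings


def audit_devices(devices, departed_users):
    """Return (device, finding) pairs: unencrypted disks, and devices held by departed users."""
    findings = []
    for dev in devices:
        if not dev["disk_encrypted"]:
            findings.append((dev["device"], "disk not encrypted"))
        if dev["user"] in departed_users:
            findings.append((dev["device"], "assigned to a departed employee"))
    return findings


def departed_usernames(accounts, departed):
    """Map the HR list of names back to account names so device checks can use it."""
    return {acc["user"] for acc in accounts if acc["owner"] in departed}


if __name__ == "__main__":
    today = date(2024, 3, 4)
    for user, finding in audit_accounts(ACCOUNTS, DEPARTED, ADMIN_ALLOWLIST, today):
        print(f"{user:10} {finding}")
    for device, finding in audit_devices(DEVICES, departed_usernames(ACCOUNTS, DEPARTED)):
        print(f"{device:10} {finding}")
```

Run this on a schedule and after every departure, and treat a non-empty result as a ticket rather than a report to read: the article's point is that a half-implemented measure (MFA enabled for most but not all, encryption on most but not all laptops) mainly creates a false sense of security, and an audit that lists the exceptions is how you notice the "not all".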

User behavior also deserves attention. Many data breaches occur not because of ill will, but because of haste: quickly e-mailing a file, using a private device or sharing a folder publicly because collaborating any other way feels too cumbersome. Then the solution is not just stricter policies, but making sure that working securely remains practical.

What to do in case of a data breach when working with vendors?

Almost no business runs entirely on one system or one party. You often have to deal with cloud software, hosting, telephony, workstations, backups and external administrators. If something goes wrong there, the question of what to do in the event of a data breach is extra relevant, because responsibilities quickly get mixed up.

Therefore, make clear in advance who does what in the event of an incident. Who monitors? Who investigates? Who reports? Who communicates with your customers or employees? This should not be discussed for the first time when the pressure is on. Good agreements with suppliers and an IT partner who can respond quickly make a huge difference.

For many organizations, that is also the moment when fragmented IT turns against them. If workplace management, e-mail security, backup and support are in the hands of different parties, incident response often takes unnecessarily long. This is precisely when you notice how valuable it is to have a single point of contact who knows your environment and can act immediately.

Preventing data breaches is never 100 percent successful

That may not be the answer you want to hear, but it is the honest answer. No company can eliminate every data breach. People make mistakes, systems have vulnerabilities and threats change. So the goal is not perfect security, but demonstrably sensible action.

That starts with preparation that is workable: a short incident protocol, clear roles, basic measures that are actually switched on, and employees who know when to report something immediately. Not because you want to create panic, but because speed and clarity make the difference between a manageable incident and a lingering issue.

If you set it up right, the question of what to do in the event of a data breach is no longer a stress reaction, but a process that your team recognizes. And that's exactly where the peace of mind lies: not in the illusion that nothing ever goes wrong, but in the certainty that you know what to do if it does happen.

For SMEs, that is often more important than yet another layer of security. Of course the technology must be in order. But ultimately it's about continuity, trust and the question whether your organization keeps functioning well under pressure. This is where an involved IT partner like Lennmedia makes the difference: not with complicated stories, but by making sure that when problems occur you don't have to go searching, but can act immediately.

So make sure you already know today who you are calling, what you are recording and when you are scaling up. In the moment, you're always later than you think.