Worried about suffering a data breach? If not, you should be.
According to a report by IBM, the global average cost of a data breach was $4.24 million last year – an increase of 10% compared to 2020's average.
And they don't just hit your bottom line – they swallow up your time too. The same report found that businesses took – on average – 287 days to identify and contain a breach.
Long story short, the results can be catastrophic. That's why businesses should be doing all they can to stop them from happening.
But sometimes the worst does happen. So it's important to prepare a disaster management plan to help coordinate your response, should your business fall victim to cybercrime.
We've got your back. Here are 11 tips to help you prevent or manage a business data breach.
How to prevent a data breach
The sheer amount of admin required in the aftermath of a company data breach should be enough to make every business step up their security so it doesn’t happen again (or ever!).
Here are some tasks to add to your cyber-security checklist:
1. Antivirus software
Malware remains a major threat, and the software is getting smarter and smarter by the day. One click on a Word document attached to a legit-looking email could give criminals access to sensitive company documents (or even those holiday snaps you uploaded the other day).
That’s why you need to invest in some high-quality antivirus software, which can remove malware and viruses before they can do any damage. Most antivirus apps can also integrate with email clients and web browsers, so you'll have extra peace of mind when it comes to dodgy attachments and links.
2. Strong passwords
Weak passwords are one of the leading causes of data breaches in both personal and business settings. While you may use a password that's on par with the Enigma Code, you need to make sure that your staff do, too.
We recommend implementing a password policy and making sure staff stick to it. Your policy could set out password requirements like:
3. Password managers
People are going to forget passwords – it’s inevitable.
For this reason, staff often rely on simple variations of expired passwords. But while this might make them easier to remember, it's bad for security.
Instead of asking staff to remember dozens of passwords, you might want to consider a password manager. They work like a safe, keeping complex passwords secured and safe from prying eyes.
These password managers also sometimes offer security features like the ability to force-reset a user’s main password.
4. Cloud backup solutions
Always have a spare. A good cloud backup solution can encrypt your files (so they can’t be read by third parties), make a perfect copy of your data, and restore lost or corrupted files when things go wrong.
Why is this relevant to data breaches? For two reasons.
Firstly, not all data breaches happen digitally. Cybercriminals can – and do – steal physical backup drives. Keeping your data backed up in the cloud all but prevents this possibility.
Secondly, data breaches often go hand-in-hand with other cyberattacks. Hackers might steal your data and encrypt it so it's inaccessible to you – while demanding a hefty fee for its "safe return".
Keeping a backup means you can return your data to its pre-encrypted state. Sure, you'll still have to deal with the fallout from the breach, but at least your computers won't be bricked.
5. Multi-factor authentication
A hacker has gotten your password somehow… now what?
If your business uses multi-factor authentication, you can breathe a dramatic sigh of relief. Also known as MFA, multi-factor authentication requires more than your password to prove your identity.
For example, you may have to enter a randomly generated code from an app or text message, which your hacker won't be able to access – hopefully!
6. Cybersecurity awareness training
Stay at the top of your game when it comes to the latest cybersecurity threats by attending regular training. You should also make sure everyone who works with you is trained in basic cybersecurity, to minimise the risk of data breaches and the many headaches they bring.
Preparing for the worst
These tips may help you reduce your risk of a data breach significantly, but it’s important to remember that no defence is 100% effective. Criminals are always coming up with new ways to steal our data, so you need to be prepared in case the worst comes to the worst.
Your disaster management plan
Been alerted to a breach of company data? That would be bad news at the best of times – but things would be even more difficult without a solid plan of action.
Here's a simple guide to handling a breach:
7. Get your facts straight
The first thing to do is verify the source of the breach and try to ascertain exactly what's been stolen. Don't panic – and don't wipe your systems… yet.
8. Contain the breach
The specifics of this stage depend on the nature of the breach and the tools you have at your disposal. You may want to do some – or all – of the following:
9. Preserve evidence
You have a long road of fact-finding and investigations ahead of you. Make sure you document as much evidence as you can for future analysis. This includes things like:
10. Notify authorities – and customers
Start by letting authorities know about the breach, as well as any critical partners such as your merchant bank.
Then – yes – it's time to face the music and inform your customers. Whether it’s an email, text, or phone call, you need to communicate a data breach to your customers as soon as you can – and advise them on any steps they need to take. If you don’t, there could be serious financial and reputational implications.
Don't try to downplay it. All necessary information should be disclosed to customers and stakeholders so they're aware of the data-compromising risks they face if they do not follow your instructions.
11. Begin the investigation
Before you can say "business as usual", you need to thoroughly investigate the breach and take steps to ensure it doesn't happen again.
This can be very difficult and time-intensive. You may want to consider hiring a specialist investigative firm to make sure things are looked into thoroughly – and to allow your IT staff to focus on day-to-day matters.
Prevention is better than cure
If this all sounds like a lot of work, well… that's because it is.
But there is a way to safeguard your business that won't take up too much of your precious time.
Our security monitoring software can protect you from up to 98.5% of all cyber attacks, without the need for on-site expertise or hefty financial investments. It takes on the job of a whole security team, constantly assessing your systems against recognised security standards as well as providing clear directions when something goes wrong.
The best bit? It's very affordable. For one small monthly payment, you can enjoy ongoing enterprise-grade security and pass your Cyber Essentials certification quickly and easily.
Contact Us
Yoozoom
Unit 8
Gemini Business Park
Sheepscar Way
Leeds
LS7 3JB
Company Number: 07618108
VAT Number: GB11304662
Yoozoom Technologies Limited T/A Yoozoom