ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more
26 April 2018

Data breach response best practices: How to avoid a ‘knee jerk’ reaction

Profile photo of Mat Richards - Security and Mobility.
Written by Mathew Richards

Don’t panic! Here are a few tips to help you react to a data breach, calmly.

Knowing how you’ll respond to a data breach goes hand in hand with the measures you are taking to avoid it happening in the first place.

With the threat of crippling fines hanging over every business, the need to follow – and be seen to be following – best practice is critical.

The recent Facebook and Cambridge Analytica scandal has highlighted the value of data, but also the serious concerns of both the public and regulatory bodies when it comes to security and privacy.

All businesses need data – and it needs to be made available to partners and employees – to operate successfully. But now more than ever, there needs to be assurances that it’s being held with integrity and shared safely.

GDPR is just one factor that has already prompted significant and necessary investment in cyber security, user awareness training and next generation technology.

But businesses can’t remove the possibility of an incident completely.

Limit the damage when the inevitable happens

Good security and information governance should reduce the likelihood of a data breach, but also limit the damage when the ‘inevitable’ happens…

Pre-emptive testing and investment

Ok, so vulnerability scans, penetration testing activities and regular spot checks are obviously intended to reduce the likelihood of an incident happening in the first place.

But if you are taking robust steps to try and anticipate issues that may arise when transferring data, then it will obviously help your case if you are to experience a dreaded cyber-attack.

“Protection measures and rights management technologies is only going to be viewed positively.”

Likewise, proactively deploying protection measures and rights management technologies is only going to be viewed positively. For example, Azure Information Protection can prevent documents being saved, forwarded or printed unless the document author, or company policies allow it.

Preparing for the worst, taking steps to mitigate an attack, and documenting everything will make your life a lot more comfortable when you must produce your report in the event of a data breach.

Incident response policies and strategies

Despite your investment in risk assessments, employee education and protective monitoring, your worst nightmare has happened.

Now you want to avoid a knee-jerk or delayed reaction – either of which is only likely to make the situation worse.

With clear incident response policies and procedures, you can ensure a calm, collected and measured response from your organisation.

“You want to make sure the right questions are being asked.”

For example, providing your team with a simple checklist can help them quickly locate the cause, make an objective assessment of the impact, and take the necessary actions to prevent any further damage.

If this document is missing – or creates any ambiguity – then your response will be inefficient, slow and probably inappropriate.

Who’s been affected? Who do I contact? How do I remedy vulnerabilities? You want to make sure the right questions are being asked – and answered – and communication lines are clear.

The ICO offers a great document to get you started: ‘Guidance on data security breach management’.

A buyer’s guide to Microsoft Enterprise Security

A buyer’s guide to Microsoft Enterprise Security

Remove the complexity from Microsoft’s comprehensive security technology ecosystem. Download the 43-page e-Guide today and understand:

  • What Microsoft security technologies exist – and their key features and benefits
  • How each technology integrates and works together to maximise your security
  • Microsoft 365 licensing requirements – including a handy infographic
Download e-Guide

‘What if’ scenarios

Providing checklists, or run books, for staff to manage flows of activity is just the first step in the right direction – you want to make sure they’ve had exposure and input beforehand.

Everybody on your team should be on-board with the process and ‘battle ready’ – and not just at the most senior level.

Work through ‘what if’ scenarios with everyone on your A, B and even C teams, so they are ready for any incident management requirements.

External support

‘What if’ scenarios are useful, but they can’t remove the human factor.

Your employees will inevitably have an emotional attachment to their areas of responsibility.

When an incident happens, they will be under extreme pressure and undoubtedly stressed, which could compromise their actions no matter how well prepared you think they may be.

By using a third party – particularly at the triage stage – you will gain an objective view on the situation. This offers you piece of mind that the right steps are being taken.


It’s not enough that you are taking the necessary precautions and making the necessary preparations in your business. It’s crucial your suppliers assist you in meeting those standards – and you can transfer liability where appropriate.

Demand it – and make sure it’s reflected in any contractual arrangements.

You don’t want to be liable for the actions they have or haven’t taken in the event of a data breach.

Make sure you’ve got proof and can gain compliance statements if or when you’ve been compromised.


One of the most important aspects of good security governance is the ability to react quickly and effectively.

If you put the steps in place and take the necessary precautions, you can rest easier than most knowing you can meet reporting obligations in a robust manner – and minimise the damage to your organisation in the process.

Next, watch our conditional access and MFA webinar on-demand and learn why these technologies are key to securing your organisation’s assets.

Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.

Want more great security content? Subscribe to the ThirdSpace mailing list!

Want more great security content? Subscribe to the ThirdSpace mailing list!

Keep your finger on the pulse of security and Microsoft technology. Submit your business email to get the latest content and event invites straight to your inbox.

Profile photo of Mat Richards - Security and Mobility.

About Mathew Richards

Head of Mobility & Security

As head of our Mobility & Security practice, Mat’s responsibilities include ensuring that our technical knowledge and delivery capability are fully up to speed and current, as well as creating a...


You may also like...


Remote working fuels 2022 Cyber Essentials changes – Are you ready to meet the new security standard?


A quick guide to Microsoft 365 E5 Security and Compliance add-ons


Microsoft 365 licensing: E3 vs. E5 – Which is right for you?

Recent Blog Articles

View All
Related topics

A buyer’s guide to Microsoft security

Understand what each Microsoft technology does and how they all integrate.

Download 43-page Guide

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.