Data Breach Investigation: Best Practices


When a company has experienced a data breach, several factors contribute to how it reports and investigates that breach. Data breaches will happen. No company has the perfect security system, and every data breach has unique circumstances that require special handling.


A well-thought-out response plan is one of the most critical parts of a company's ability to navigate through the disaster of a data breach. Incident response teams need to guide an organization through every phase of responding to the breach. The team's work should cover discovery, investigation, mitigation, and prosecution. An incident response team may include oversight, finance, technical, and public relations departments. Having a response team in place will give a corporation the ability to respond as quickly as possible to data breach incidents.


How to Handle a Data Breach


After a data breach happens, it is important to stay calm. Investigate the system that has been breached and make a forensic image of that system. Go through all the possible scenarios to determine what happened. Check the logs, find the devices that caused the breach, and investigate your system thoroughly to see where the disruption took place. If you don't find out where the breach occurred, the same thing could happen again at a later time.


  • Determine what data you have stored. Understand the types of customer information you have. If your company does not know what data is actually stored, you can’t determine the consequences and communicate these consequences to the proper parties. Also, determine who has access to your data and why.

  • Encourage reporting. Employees should know that they can come forward and report a possible breach. IT should immediately step in and start assessing the situation. Management should be kept informed as the investigation goes forward.

  • Know your regulatory requirements. Regulatory requirements dictate what must be done in the event of a data breach. 

  • Inform the proper authorities. This should include law enforcement, particularly if the breach could cause harm to a person or business.

  • As soon as possible, contact your insurance carrier. Insurance policies state that if you know of a data breach that could potentially lead to a claim, the carrier must be told the circumstances and your suspicions.

  • Business partners that are affected by the data breach should be called immediately.

  • Have a policy for what you will tell your customers and regulatory boards when a data breach occurs. Prepare a communication procedure in advance. This will help your company react quickly to any type of security breach. You are more likely to communicate clearly when things go wrong if you have a written policy.

  • Individuals whose personal information has been breached need to know that they are in danger. Give individuals plenty of time to mitigate their damages.


Since you will have data breach issues at one time or another, make sure you have the policies in place that will keep your business ready to conform to communications and regulatory requirements.




Ekran System is a powerful monitoring solution providing supervisors with a detailed video log of any user session regardless of privilege level. With our solution, you can not only investigate any data breach, but also prevent all possible violations in the future by means of a rule-based analysis system. Learn more about security monitoring and data loss prevention with Ekran System.