Cyber Liability: 5 Steps To Contain a Privacy Breach While you hope you never have to deal with a privacy breach, it is essential to have an effective plan in place to quickly respond when a breach is detected. Because leaked information in the wrong hands can be damaging to your organization, we have prepared a five-step corrective action plan to help seal the breach and resolve any new problems the incident may have created. Clarify Which Incidents Constitute a Breach The first step in protecting your company against a privacy breach is to carefully define what constitutes a breach. Unauthorized access, collection, use, or disclosure of personal client information from your database should be considered a privacy breach. Based on this definition, a stolen company laptop that contains personal client information and passwords would constitute a privacy breach. Examples of other privacy breaches may be more difficult to identify. Your cyber liability broker has experience with a variety of breaches and can help you identify potential cyber threats for your business. 2. Take Immediate Steps to Contain the Breach Once a privacy breach is detected, the first step is to contain the problem immediately by taking the following actions: Stop all unauthorized activity Recover any breached files Shut down the compromised system Change compromised access codes Inspect and modify faulty electronic security 3. Determine the Nature of the Damage If a privacy breach involves highly sensitive information that poses a risk to you and your clients, it is essential to notify all impacted parties as soon as possible. You should also discuss with your insurance broker the types of personal information you are responsible for keeping secure to ensure you have the proper coverage for a breach involving sensitive information. 4. Identify the Cause and Potential Future Threats By identifying what caused the breach, you may be able to prevent a future threat to your proprietary data or personal client information. This step requires taking a careful look at the incident to determine whether it was a one-time breach or the result of a more serious system issue. Assessing the impact of the breach may be more difficult to quantify. Things to consider include: Harm to your company’s reputation Loss of clientele Current and future identity theft Financial loss from property theft Facility security risks 5. Call Your Insurance Broker and the Authorities If the privacy breach involves a crime, you should contact the police immediately. When applicable, credit card companies, privacy commissioners and your insurance broker should also be notified about the breach. Keep a record of any eye witness accounts of the breach. The more evidence you are able to collect, including screen shots from a breached computer, the better.