
Best Practices for Data Breach Detection, Response

It’s not a matter of who will be affected by a data breach but when. The COVID-19 pandemic has opened a Pandora’s box of data predators. For a company, breaches can be costly, both financially and in other ways, including the devastating toll they can take on your reputation.


Many breaches occur because of an inadvertent insider or human error. In general, you can lower the cost by formulating a response plan that decreases the time to detect a breach and lays out procedures for the best possible rapid response.


The best practice is to educate every employee who may have access to your company’s information on how to identify the signs of a data breach. Depending on the data, you can also purchase programs that help by raising red flags when a potential breach may have occurred. Generally, the flags should go up when you notice:

  • Changes in files;
  • Abnormally slow systems and devices;
  • Any irregular activity;
  • Abruptly locked-up accounts; and
  • Any unusual traffic flowing out of the business.

Some signs may be more obvious, such as customers calling to let you know their credit rating changed recently.

Customize a training program for each business so employees are aware of specific tactics to prevent or identify a breach in its early stages. Be aware of any data protection regulations that may apply to your business. Also, depending on the company, it may be wise to put a team in place to assist with training and developing the response plans.

You can reinforce the training and compliance with “vulnerability assessments” or systematic reviews of any security weaknesses in your information system. The evaluation should (1) show if the system is susceptible to any known vulnerabilities, (2) assign severity levels to each problem, and (3) recommend remediation or mitigation. Prevention will help you to identify the breaches early and respond appropriately.

Early Detection, Response

Even with regular, quality training, data breaches can happen. It’s therefore crucial to have a plan in place for that unfortunate reality. It should include a procedure prioritizing early breach detection. Through training, conducting vulnerability assessments, and knowing where information is located, you can detect a breach early and prevent extensive damage.

Your timeline should begin with the immediate reporting of any data breach signs, then continue with a rapid approach to correct any vulnerabilities and protect any further information from being compromised. An appropriate goal for the first step is to take action within 24 to 48 hours after learning of a breach.

Notification, of course, should be a part of the response plan. No matter how much a company may want to keep a breach a secret, a large intrusion won’t remain under wraps for long.

To avoid potential fines, the response plan should include disclosure policies for proper notification to the authorities if needed. Release information quickly, and advise customers how to proceed on their end, including different options they can take to limit personal exposure.

Your company should have an idea of how it will communicate with customers in the event of a breach. For example, draft an e-mail and letter to customers ahead of time as well as a press release if need be. Consider having your legal advisors review the documents. It’s essential to be proactive in responding to a breach.


Once a breach occurs, begin investigating the root cause, which will then lead to an idea of how large the intrusion may be. Always overestimate (rather than underestimate) the damage and exposure.

Recovery can take place once the root cause is identified. Heightened protections should be put into place to strengthen security (not increasing protection after a breach is a common mistake). Build up your defenses when a weak area is attacked. The company can highlight the increased security when communicating with the public, which can lead to stock price recovery and other positive results related to customer reassurance.

Bottom Line

In today’s virtual world, it’s almost guaranteed a data breach will happen at your company. Every business should expect it and have a plan in place with the goals of preventing extensive damage and promoting rapid resolution and continued brand loyalty.

Anna Limoges and Kelsey Heino are attorneys with the Goosmann Law Firm in Sioux Falls, South Dakota. You can reach them at or