Data Breach Investigations
“Data Breaches can cause untold damage to an organisation, its bottom line, public image and the morale of staff.”
Data Breach and Unauthorised Disclosure Investigations
International Intelligence Limited has conducted Data Breach Investigations and Unauthorised Disclosure Investigations for both corporate clients and Government departments in the UK and overseas.
A breach, be it from an internal source or via external parties is highly damaging and will lead to a change in public perception of that organisation.
In many cases, if the Data Breach involves the personal information of individuals, organisations may need to refer themselves to Government bodies such as, in the UK, the Information Commissioner's Office (ICO), should a bata breach take place.
There are many different ways that a Data Breach and Unauthorised Disclosure could take place. An Unauthorised Disclosure for example may either be malicious 'Insider threat', or down to employee negligence/error and poor policies and procedures. Breaches that involve external parties can be technical, for example technical espionage i.e. Eavesdropping, Cyber attacks, Phishing and Ransomware, or physical such as Unauthorised access and Physical theft, every case could have different elements that come in to play.
Data Breaches and Unauthorised Disclosures may of course, be entirety of a commercial nature and may involve Intellectual Property or operationally sensitive information. We respect that every client is different and each will have a unique set of circumstances that led to their breach.
What damage do Data Breaches and Unauthorised Disclosures cause?
The loss of any information by an organisation will have far reaching effects, no matter the type of breach.
Government departments and commercial organisations should be concerned about:
- Loss of public confidence and reputational damage
- Staff morale issues and staff retention
- Financial impact: short, medium and long term
- Operational disruption during any investigation
It is in the best interest of any organisation that has suffered a Data Breach or Unauthorised Disclosures to launch an internal investigation and to remedy the situation as quickly as possible, regardless of any external investigation, in order to restore public confidence.
What is the key to limiting damage post breach?
Time is going to play a major factor. Organisations must act quickly to ensure that they handle the breach and to limit any damage. How you are seen to be dealing with the breach will directly affect the perception of your brand or organisation.
The effect of this type of investigation on the morale of staff should not be underestimated, a Data Breach or an Unauthorised Disclosure investigation will be intrusive and disruptive to operations. Our experience is that managing staff and internal communications will be paramount to the future of the organisation.
It is vital that organisations are seen to be doing 'the right thing' and quickly, they have an obligation to ensure that they act in a proper manner. It could be that an organisation's every move will be dissected in public, either way, this of course is very damaging to all involved.
International Intelligence Limited is well placed to carry out fair and objective external investigations into Data Breach or Unauthorised Disclosures Investigations.
Our Data Breach or Unauthorised Disclosure Investigations include:
- Immediate response and Investigations strategy
- Information technology review
- Policy and Procedure review
- PR advice
Our investigations teams work closely with our clients to ensure that all investigations are carried out with sensitivity. We know just how disruptive the fall out from a breach can be, dedicated staff will take it very personally, more so if it looks like the breach is due to an internal source, as is the case with Unauthorised Disclosures.
Points of failure
It would be fair to say, that it would be unlikely that there is a single point of failure, more likely that there is a combination of factors that were contributing. It is vital that a holistic view is taken and that the scope of the investigation is wide enough to investigate all policies, procedures and work practices.
It is entirely possible that an Unauthorised Disclosure or Data Breach investigation may not identify a single individual. But, what an investigation will uncover is points of failure that will enable the organisation to remedy and safeguard in these areas.
Data Breach Protection
International Intelligence Limited does provide a 'root and branches' review that will shore-up and improve areas of exposure, thus reducing the probability of any breaches taking place.
We utlise an experienced team of former investigators and other specialists to ensure our clients receive the very best possible service.
It is fair to say that whatever an organisation's response to a Data Breach, it will be judged on this. A swift and measured response is required.