Measures to Take After a Data Breach

One 400

25 January 2021

A data breach can be one of the most costly and damaging events occurring in business today.

While law firms take every measure to prevent these intrusions, they can happen even under the most controlled cybersecurity policies.

Damage control is of the highest priority, and law firms must immediately activate a response plan.

My Company’s Data Has Been Breached. Now What?

Once a breach has occurred, the ICO recommends taking the following actions.

Prevent any further illegal activity by shutting down the lines of communication to the impacted systems. However, any existing auditing and logging applications should remain operational to provide additional information on the breach. If there were any physically accessible areas to sensitive computer systems, change access codes to prevent future entry by unauthorized personnel.

Update or lock credentials on all impacted systems. This action will prevent any further access by hackers.
Activate your damage control plan. Gather a team of experts experienced in cybercrime who can thoroughly investigate the breach by collecting and analyzing evidence. If necessary, recruit third-party data forensics investigators who can take on this responsibility.
Search for any exposed data that may appear on other websites. If posted, contact the associated business to have this information removed.

Damage Control Measures

After the above immediate actions are taken, a thorough investigation into the data compromise’s scope and impact should follow. System logs and audits can help pinpoint how the breach occurred and the extent of the damages.

Investigating how the intrusion happened is a crucial step to controlling damage and avoiding future occurrences. There are many possible causes that may involve staff. These range from someone disclosing their sign-in credentials to unauthorized parties to a malware-infected device logged into the network. However, the failure to adequately patch or update security software can be a probable cause as well.

Depending on the causes of the breach, several actions can be immediately taken to prevent further damage.

Run virus and malware scans to catch potential issues that may have contributed to the breach.
If a mobile device used to connect to the network has gone missing, remotely lock or delete apps related to the company.

If necessary, verify and change firewall rules that may have allowed an unauthorized user access to the network. Check if the service provider is involved and if and how they will address the problem in their systems.

Legal Responsibilities to Clients

Data breaches do not just damage businesses, they adversely affect clients if their data is stolen and subsequently exploited. Many underground avenues exist online in what is known as the dark web, where unscrupulous parties exchange credit card numbers and other stolen data. The affected business has a legal and moral responsibility to its customers to protect them from financial damage resulting from the data breach.

There are measures law firms can take to help protect their reputation while assisting their clients.

By law, cyberattacks must be reported to all those affected.

Contact the company’s insurer so that they are aware of what has happened.

Consult with a public relations expert for assistance in damage control and interfacing with the media if the breach is made public.

Consult with a lawyer, especially if litigation from customers and regulatory agencies will be an issue.


For more information on how Advantage365 can help your law firm, please call us on 0121 212 6580 or request a free call-back using our contact form to get free initial advice. You can also access a wealth of free business information for lawyers by visiting our digital Resource Centre and view our free Business Factsheets .

Alternatively, please subscribe to our services here or book an online consultation here, or email us on