Data has been stolen or leaked from my organisation

At worst, a data breach or a data leak may cause extensive financial losses to your organisation. Taking care of your data security and data protection matters properly is therefore a business advantage. For example, the costs resulting from a data breach are usually significantly more than the costs of preparing for data security threats. 

Read more about cyber security and the liability of the company’s board in the guide of Traficom's Cyber Security Centre (link in Finnish).Opens in a new window.

Because a human error is often in the background of data leaks, the best way to protect against them is to train the personnel regularly on data protection matters. It is also important to make sure that data protection matters have been paid attention to in the organisation’s processes.

For your organisation to be able to protect itself against data breaches, it is important to take care at least of the following practical measures: 

• Keep the software and systems updated using automatic updates. 
• Restrict the access rights of the personnel to different systems according to need.
• Take automatic backup copies of the most important data and store them securely. 
• Test the security of the information systems regularly. 
• Consider whether a data security audit should be performed on the main information systems of your organisation. 

Make sure that everyone in your organisation complies with the following basic principles when logging into systems:

• Use two-step identification.
• Use a passphrase instead of a password.
• Do not reveal the password to anyone. 
• Do not use the same passwords in different services. 

Agree on who in your organisation will be responsible for matters related to data security and data protection. The development of data security and data protection goes more smoothly when the division of the responsibilities are clear. 

It is important for the management and the personnel of the organisation to be trained in matters related to data protection and data security. Provide training to the personnel so that everyone knows how to act in a data secure manner in their work and take into account the data protection requirements. You can also organise cyber training in which you practice acting in different exceptional circumstances.

Assess the main risks related to data breaches and data leaks from the point of view of your organisation’s operation.

• How much data does the organisation have on customers/personnel? Is this data sensitive?
• How much data is there and how extensive is it?
• How easy is it for an outsider to access the data?
• Are there any other important risks that are typical of the organisation's sector?

Draw up a contingency or continuity plan for managing disruptions and data breaches and the disruptions caused by them. In the plan, record actions that restore the organisation’s normal operation as fast and cost-effectively as possible during and after an incident.

Above all, continuity planning must prepare for the most critical risks identified in the risk assessment.