To get the best help for your situation, first answer the questions on the Preliminary questions page.
Data has been stolen or leaked from my organisation
Improve data security and preparedness
Taking care of data security and data protection matters properly is a business advantage
At worst, a data breach or a data leak may cause extensive financial losses to your organisation. Taking care of your data security and data protection matters properly is therefore a business advantage. For example, the costs resulting from a data breach are usually significantly higher than the costs of preparing for data security threats.
How can our organisation protect itself against data leaks in practice?
Because human error is often behind data leaks, the best way to protect against them is to train the personnel regularly on data protection matters. It is also important to make sure that data protection matters have been taken into account in the organisation’s processes.
How can our organisation protect itself against data breaches in practice?
For your organisation to be able to protect itself against data breaches, it is important to take at least the following practical measures:
- Keep the software and systems updated using automatic updates.
- Restrict the access rights of the personnel to different systems according to need.
- Take automatic backup copies of the most important data and store them securely.
- Test the security of the information systems regularly.
- Consider whether a data security audit should be performed on the main information systems of your organisation.
Make sure that everyone in your organisation complies with the following basic principles when logging into systems:
- Use two-step identification.
- Use a passphrase instead of a password.
- Do not reveal the password to anyone.
- Do not use the same passwords in different services.
Designate responsible persons
Agree on who in your organisation will be responsible for matters related to data security and data protection. The development of data security and data protection goes more smoothly when the division of responsibilities is clear.
Make sure that there is sufficient data security and data protection competence in your organisation
It is important for the management and the personnel of the organisation to be trained in matters related to data protection and data security. Provide training to the personnel so that everyone knows how to work securely and take the data protection requirements into account. You can also organise cyber training in which you practise acting in different exceptional circumstances.
Assess the main data security and data protection risks
Assess the main risks related to data breaches and data leaks from the point of view of your organisation’s operation.
- How much data does the organisation have on customers/personnel? Is this data sensitive?
- How much data is there and how extensive is it?
- How easy is it for an outsider to access the data?
- Are there any other important risks that are typical of the organisation's sector?
Draw up a contingency or continuity plan
Draw up a contingency or continuity plan for managing disruptions, data breaches and the disruptions that breaches cause. In the plan, record actions that restore the organisation’s normal operation as quickly and cost-effectively as possible during and after an incident.
Above all, continuity planning must prepare for the most critical risks identified in the risk assessment.