SME survival guide: How to deal with a data breach

The Government says that almost half of all businesses reported a data breach or cyber-attack in the past year – a sobering statistic for any SME.

And what makes this even more worrying is the impact such an incident can have. If you suffer a breach, that means a hacker has access to your business data, which is a huge problem in itself. But the time spent fixing your systems, the damage to your reputation and the potential loss of customers will all create further issues.

So, if you suspect a breach has occurred, what should you do?

What has been affected?

Cyber-attacks come in many different forms, but the common theme is that they target vulnerabilities in your defences. Ransomware delivered through phishing, for instance, is largely dependent on human error, as it relies on an unwitting email recipient or webpage visitor clicking on or opening an infected file. Once downloaded, the malicious software lurking within enables the hacker to gain control of the device and lock its files, folders and applications until a set price has been paid to them.

This can take place within a matter of minutes, which is why it’s so important to recognise the different signs of a breach quickly and ensure appropriate processes are put into place.

The first thing is to find out what has been compromised. Is it sensitive or regulated information, such as intellectual property, personal data or bank details? Whose details are these? Staff, customers? This determines who should be notified.

Details on actions to take should be set out in any company’s cyber-security plan. This should illustrate key recovery objectives – how long can the business shut down while waiting for the restore to take place, and how many hours of business-critical data can the company afford to lose?

What should happen next?

Owners and managers of the business – and their lawyers – should be informed straight away. Depending on what has happened, another important action could be to report it to the police via the Action Fraud website.

If you think it’s a public cloud that has been hacked, you need to inform the cloud provider. Under the General Data Protection Regulation (GDPR), data controllers will additionally be required to contact the ICO within 72 hours. You will need to notify anyone whose data has potentially been affected – with advice on any actions they must take – and consider other stakeholders who need to be informed too.

If a cloud is the problem, much of the infrastructure and evidence are in the hands of the provider rather than your business, so your strategy for dealing with the breach must reflect this. However, differing responsibilities can cause confusion. Usually providers manage the security of the cloud itself, but it is generally up to you to ensure that the applications and data you put there remain protected and secure.

When the dust has settled

So after the initial clean-up, what should happen next? A complete analysis of the breach is a good idea, so that you can learn from any mistakes made and implement measures that minimise or eliminate the risk of it happening again.

In addition, working out what you can do to improve security across the board is essential. Now is the time to introduce tools to identify vulnerabilities throughout your infrastructure and take steps to remove those weak spots. Whilst a company might survive one breach, a repeat could spell the end of your business.

The good news is that there are simple steps you can take to minimise this risk – and all businesses should assume they could fall victim to an attack at any time. Two things to do right now – as recommended by the Government’s Cyber Aware initiative – are to install the latest software and app updates and to use strong, separate passwords for your email.

The National Cyber Security Centre (NCSC) also publishes a complete guide for small businesses, with advice on improving security. Advice on how to train staff members is also available.

According to the NCSC, here are five key ways to protect your SME from a cyber-attack:

  1. Use a firewall to secure your internet connection

    This acts as a buffer between your IT network and other external ones, allowing incoming traffic to be analysed before it is allowed onto your network.

  2. Pick the most secure settings for software and devices

    Default configurations are often open, so check them and change them accordingly to make your software and devices more secure. One way to do this is to disable or remove any functions, accounts or services that you don’t need and add strong passwords. For accounts like banking and IT administration, two-factor authentication (2FA) – often involving a code sent to your phone to enter in conjunction with your password – is more secure than password-only.

  3. Limit who accesses your data and services

    Employees should have access to the software, settings, online services and device connectivity functions that enable them to do their job, but no more. Extra permissions can be added when required and accounts with administrative privileges should only be used for the relevant tasks. For general work, use standard accounts.

  4. Protect your business from malware

    Viruses are the most well-known form of malware, which is software or web content that has been designed to cause harm by infecting legitimate programmes. Opening a suspicious email, browsing a compromised website or opening an unknown file from removable storage media – such as a USB memory stick – can all allow malware into your systems. Use anti-virus software and only download apps from reputable sources, such as Google Play or the Apple App Store.

  5. Keep your devices and software up-to-date

    Apply updates to your computer and devices when prompted – or even better, change settings to automatically update. As well as adding new features, these also fix any newly-discovered security vulnerabilities. When new updates cease to appear for your hardware or software, you should consider a modern replacement.

If you want to find out more about protecting your business against other potential cyber threats, contact us!
