Contain a privacy breach at your business
The following tips are based on best practices and can help you contain a breach.
The Get Cyber Safe Guide for Small Businesses by the Canadian Centre for Cyber Security offers practical advice on how to prevent privacy breaches and protect your business from cyber crime.
1. Consult your incident response plan
- An incident response plan can help you and your employees respond quickly to a data breach. Your plan should include the processes and procedures to follow to detect, respond to, and recover from a cyber incident.
2. Find the source of the breach
- If needed, when a breach results from a hacked user account, reset the affected network users' passwords right away. See our tips for creating and managing your passwords.
- Disconnect all networks, systems and devices from the point where the malware or bad actor accessed the data. This can limit the scope of the attack.
- Change access codes for file rooms or cabinets if needed.
3. Notify internal stakeholders
- Notify anyone in your business who needs to know about the data breach, such as:
  - Privacy officer
  - Corporate security
  - Information technology experts
  - Legal services
4. Document the breach
- Document facts about the privacy breach. For example, what happened and why; how many people were involved; and what actions were taken.
5. Assess the real risk of significant harm
- Assess the breach once you have contained it to determine if it causes a real risk of significant harm to individuals.
6. Recover data and investigate
- Recover personal data using backups. If personal information is sent to someone by mistake, ask them to delete it, send it back securely or have it ready for you to collect. If a laptop is missing or stolen, wipe its memory remotely if possible.
- Be careful not to destroy evidence of the data breach. This information can help you determine the cause and prevent future breaches.
- Designate an individual to lead your internal investigation into the breach and to make recommendations.
7. Notify affected individuals and the OPC
- If the breach has caused a real risk of significant harm, notify individuals who are affected by the breach. You must also report such breaches to the Office of the Privacy Commissioner of Canada.
Further reading:
- Office of the Privacy Commissioner of Canada’s Privacy guide for businesses