It is your responsibility to report a data security breach to the Information Commissioner's Office (ICO), based on the guidance provided by the Information Commissioner. Impact Computing does not provide guidance on whether a breach should be reported.
Fraud, Cyber Crime and Phishing Attempts
Where you have been the victim of fraud, cyber-crime or a phishing attempt, you can report it to the police using the following site: Action Fraud UK Police Report. With any security incident, we advise that you also inform your bank.
Office 365 or User/E-mail Account Breach
In the event you are the victim of an e-mail or user account security breach, please keep the following points in mind:
What you need to do:
- Keep in mind that an unauthorised 3rd party has possibly had access to all your confidential data, including e-mails and attachments, contacts, files, and financial information, though this is not an exhaustive list. Consider the risks and what the unauthorised party could do with this information.
- Ensure that any passwords that are reset as part of this breach follow our best practice guidelines for setting passwords.
- Remind all staff to be security vigilant and ensure e-mail security awareness is part of your induction process for new staff. Please see E-mail Fraud Security Warning for End Users.
- Pay special attention to any e-mail users receive which asks, or has links that ask, for usernames and passwords.
What we will do:
- We will perform an immediate reset of all passwords on services that we look after for you.
- We will run a number of predefined checks on your Office 365 accounts to ensure they are secure to our baseline standards.
What you should be aware of:
- We recommend contacting your bank to discuss the potential impact of the account breach.
- As per your contract, investigation and remediation of these types of events is chargeable by Impact Computing on an hourly basis.
- Where accounts were breached due to financial whaling or phishing, please see our article on financial whaling or phishing.
- We recommend turning on two-factor authentication for logon to Office 365 services - please contact us to discuss implementing this.
- We can offer additional paid-for Office 365 services, in particular Advanced Threat Protection, that will improve security for your entire organisation - please contact us for details.
- In instances where the breached account sent out e-mail/malicious content to your clients, we recommend contacting a solicitor to assess your responsibilities, especially in relation to GDPR. Impact Computing cannot advise you on your legal obligations in relation to security breaches.