What actions to take when a user has been involved in a breach
Learn what steps you should take when you're alerted about a new breach affecting users in your company.
When you are alerted to a new breach affecting your end users, it is important to take the opportunity to strengthen your company's security profile and help the affected users understand the implications of the breach.
You will only be sent email alerts of new breaches if you have SMBreach Pro. Otherwise, you will have to manually check SMBreach for new breaches. Read more about SMBreach Pro here.
It's a good idea to make a team, department, or company-wide announcement when users have been exposed in a new breach. You shouldn't mention the affected users, but announcing the breach to everyone will help users realize how common breaches are and how easily their own information could become exposed online. Many users are likely to use company email addresses for various online services without realizing the possible implications.
You should check your company's email policy and ensure it prohibits employees from using their work email address for anything outside of work purposes. A breach is always a good time to revisit this policy and redistribute it to end users to read and sign.
If the data breach is recent and falls within your password change policy time frame, then you should request that users update their passwords immediately, as this will limit the potential impact of an incident should someone get hold of the breached information.
Finally, you should tell staff what company policy says will happen if they use work email addresses for online services in the future.