Would you believe us if we told you that more than 6 million data records are compromised every day? No organisation or sector is immune, and even government systems are at risk of being infiltrated. In 2018, at the DEF CON Voting Village, an 11 year old took about 10 minutes to change the reported results on a replica of a US state election results website. So, if it can happen to election websites and to the health service in Singapore, whose SingHealth patient records were breached the same year, it can definitely happen to you.
Forewarned is forearmed: the best way to protect yourself is to know your enemy and the tactics they use to get into your systems. Data breaches come in all shapes and sizes. When most of us think of a data breach we picture a faceless hacker using some kind of malware to reach the sensitive data on our systems, but that isn't always the case. Many data breaches are far less sophisticated.
To help you understand what your organisation is facing, we’ve compiled a breakdown of some of the most common types of data breach.
Cyber-attack or Criminal Hacker
Cyber criminals are increasingly sophisticated in finding ways into your systems and, worryingly, you may not even know that a system has been compromised. Many businesses only discover an intrusion after the breach has happened and significant damage has been done.
Cyber-attacks come in many forms, including denial of service, malware and password attacks. Remain vigilant and follow a few basic steps: never click on links from unknown senders, use a different password for every login and keep them in a password manager, and turn on multi-factor authentication wherever it is offered. Password reuse is the real danger: if one website you use is breached, the attackers will try that same email and password against your online banking and everywhere else. Current guidance from the NCSC and NIST is to change a password when you have reason to think it has been exposed, rather than on a fixed schedule, because forced routine changes tend to produce weaker, predictable passwords.
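The point about reused passwords is easiest to see by running the attack. The following is an added example, not code from the original article: it builds a constructed credential dump leaked from a fictional "site A" and a user database for a fictional "site B" that stores passwords properly as salted PBKDF2 hashes, then replays the leaked pairs against site B the way a credential stuffing tool does. All names, passwords and addresses are made up for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed data: a credential dump leaked from "site A", which stored
# passwords in plaintext, as badly run sites sometimes do.
LEAKED_SITE_A = {
    "alice@example.com": "Summer2019!",
    "bob@example.com": "correct horse battery staple",
    "carol@example.com": "P@ssw0rd",
}

PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, the kind of storage a well-run site B uses."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(stored, candidate):
    """Constant-time comparison of a login attempt against the stored hash."""
    salt, digest = stored
    _, attempt = hash_password(candidate, salt)
    return hmac.compare_digest(digest, attempt)


def build_user_db(passwords):
    """Site B's user table: only salted hashes are stored, never the password."""
    return {user: hash_password(pw) for user, pw in passwords.items()}


def credential_stuffing(leak, user_db):
    """Replay each leaked (user, password) pair against site B's login and
    return the accounts that open. This is what an attacker's stuffing tool
    does; site B's careful hashing does nothing to stop it."""
    return sorted(user for user, pw in leak.items()
                  if user in user_db and verify_password(user_db[user], pw))


# Scenario 1 (constructed): alice and carol reused their site A password on site B.
SITE_B_WITH_REUSE = build_user_db({
    "alice@example.com": "Summer2019!",
    "bob@example.com": "toast-orbit-velvet-quartz",
    "carol@example.com": "P@ssw0rd",
})

# Scenario 2 (constructed): everyone used a password manager and a unique password per site.
SITE_B_UNIQUE = build_user_db({
    "alice@example.com": "glacier-mango-ninety-sock",
    "bob@example.com": "toast-orbit-velvet-quartz",
    "carol@example.com": "ember-lattice-4-otter",
})


if __name__ == "__main__":
    print("accounts opened with reuse:  ", credential_stuffing(LEAKED_SITE_A, SITE_B_WITH_REUSE))
    print("accounts opened, unique pws: ", credential_stuffing(LEAKED_SITE_A, SITE_B_UNIQUE))
```

The lesson is that site B did everything right and still loses alice's and carol's accounts, because the password itself was the shared secret. Only the unique-password scenario survives the leak; multi-factor authentication would be the second line of defence.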
Human error
A data breach can be as simple as putting the wrong person in the Cc field of an email or attaching the wrong document. None of us are infallible and we all make mistakes, but your employees need to understand the essentials of information security, and all staff, technical or not, need to be familiar with your security awareness policies and procedures.
Simple actions, such as double checking who is in the recipient list instead of blithely accepting the addresses your email client autocompletes, help ensure that sensitive data is only seen by the people who are meant to see it. Check, double check and check again.
Unauthorised access
Most organisations put access controls in place to protect their data. Access controls are designed to stop sensitive information being seen by the wrong people, and they should deny by default: a user gets at nothing unless a rule explicitly allows it, and every refused attempt should be logged, because a run of denials is often the first sign that someone is probing for data they should not have. A breach of these controls could mean that an unauthorised person has read HR files, banking details or health records; the list is endless. The damage, not only to the company, which can be heavily fined, but also to the individuals whose information has been accessed, can be immeasurable.
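To show what deny-by-default access control and its audit trail look like in practice, here is an added example that is not from the original article or any particular product. The role names, the policy table and the users are constructed for the demonstration; the detection rule (flag a user with three or more denials) is a hypothetical threshold you would tune for your own environment.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed policy: which roles may read which category of record.
# Anything not listed here is implicitly denied.
POLICY = {
    "hr_files": {"hr_manager"},
    "bank_details": {"finance", "hr_manager"},
    "health_records": {"occupational_health"},
}


@dataclass
class AccessControl:
    policy: dict
    audit_log: list = field(default_factory=list)

    def check(self, user, roles, resource):
        """Deny by default: access is granted only if one of the user's roles
        is explicitly listed for the resource. Every decision is logged."""
        allowed = bool(set(roles) & self.policy.get(resource, set()))
        self.audit_log.append((user, resource, "ALLOW" if allowed else "DENY"))
        return allowed

    def suspicious_users(self, threshold=3):
        """Users with at least `threshold` denials: either a breach attempt or a
        badly configured account. Either way, someone should look."""
        denials = Counter(user for user, _, outcome in self.audit_log if outcome == "DENY")
        return {user: n for user, n in denials.items() if n >= threshold}


def demo():
    """Constructed sequence of access attempts against the policy above."""
    ac = AccessControl(POLICY)
    decisions = [
        ac.check("dave", {"finance"}, "bank_details"),     # allowed by policy
        ac.check("dave", {"finance"}, "hr_files"),         # denied
        ac.check("dave", {"finance"}, "health_records"),   # denied
        ac.check("dave", {"finance"}, "payroll"),          # denied: resource not in policy
        ac.check("erin", {"hr_manager"}, "bank_details"),  # allowed
        ac.check("frank", set(), "hr_files"),              # denied: no roles at all
    ]
    return decisions, ac.suspicious_users()


if __name__ == "__main__":
    decisions, flagged = demo()
    print("decisions:", decisions)
    print("users to investigate:", flagged)
```

Two things to notice: a resource that nobody thought to add to the policy ("payroll") is refused rather than exposed, and the audit log doubles as a detection source, turning dave's three refused attempts into an alert instead of silent noise.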
Physical theft and exposure
Data breaches aren't all about cyber-security. Someone can simply steal the information physically, and it's important to remember this when deciding how to keep your data secure. Even with strong technical controls, a breach can happen when a member of staff forgets to shred a sensitive document or loses an unencrypted laptop. Remember too that laptops, computers, printers and photocopiers (which often keep copies of scanned documents on an internal drive) hold personal data, and GDPR requires that the data is securely wiped, or the storage destroyed, before the equipment is disposed of, ideally through an accredited disposal service that gives you a certificate of destruction. Failure to do this can result in a fine from the ICO.
Ransomware
Ransomware is a serious threat to any organisation. It is malware that encrypts the files on a system, or locks the system itself, and demands payment in return for the key. If the organisation refuses what is essentially blackmail, the attackers threaten to destroy the data, and increasingly they also copy it out first and threaten to publish it. There is no guarantee that access will be restored once a ransom is paid; the only reliable way back is a tested backup that the ransomware could not reach, kept offline or otherwise isolated from the network.
One of the most common ways ransomware gets into a system is through phishing or spam emails.
Phishing
Phishing is one of the easiest ways for a criminal to get at your sensitive data and has been estimated to cost US businesses alone $5bn a year. Originally confined to email, it has spread to social media, messaging services and apps. A phishing message lures you into entering credentials or other sensitive information on a site that imitates a legitimate one; the link usually points at a lookalike address rather than the real domain. Bank and card details are common targets, but phishing is just as often used to harvest passwords.
Nobody is completely immune to phishing, but a few basic rules help. A generic greeting ("Dear Customer") is a warning sign, though a message that uses your name is not proof of legitimacy: names and account details leaked in earlier breaches make personalised phishing easy. Never log in through a link in a message. Go to the organisation's website by typing the address or using a bookmark, or phone the number published on its site, and before you click any link look at where it really points (the domain in the link target, not the text you can see).
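Looking at where a link really points is something a mail gateway or a training tool can do automatically. The following is an added example, not code from the original article or any product: it parses the HTML body of a constructed phishing email, extracts every link, and flags the classic tricks described above: a well-known brand name buried inside someone else's domain, visible link text that names one site while the target is another, raw IP addresses and punycode hostnames. The brand list and the sample email are constructed; 203.0.113.5 is a documentation-only address.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed list of brands this check recognises, with the domains they really use.
KNOWN_BRANDS = {"paypal.com", "examplebank.com"}

# Constructed sample phishing email (HTML body).
SAMPLE_EMAIL = """
<p>Dear Customer,</p>
<p>Please <a href="http://paypal.com.secure-login.net/verify">log in to PayPal</a>
to verify your account within 24 hours.</p>
<p>Or visit <a href="http://203.0.113.5/login">https://www.examplebank.com/login</a>.</p>
<p>Read our <a href="https://www.paypal.com/help">help pages</a>.</p>
"""


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registered_domain(host):
    """Last two labels of the host (IPs returned unchanged). Deliberately naive:
    a production check should use the Public Suffix List so that domains such
    as example.co.uk are handled correctly."""
    host = host.lower().rstrip(".")
    if _is_ip(host):
        return host
    return ".".join(host.split(".")[-2:])


def link_warnings(href, text):
    """Return the reasons a link looks like phishing (an empty list means none found)."""
    warnings = []
    host = (urlsplit(href).hostname or "").lower()
    target = registered_domain(host)
    if _is_ip(host):
        warnings.append("raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode hostname")
    for brand in sorted(KNOWN_BRANDS):
        # Brand name appears in the host, but the registered domain belongs to someone else.
        if brand in host and target != brand:
            warnings.append(f"looks like {brand} but the link really goes to {target}")
    if "." in text and " " not in text:
        # The visible text is itself a URL or hostname, so it must match the real target.
        shown = registered_domain(urlsplit(text if "://" in text else "//" + text).hostname or "")
        if shown != target:
            warnings.append(f"text shows {shown} but the link really goes to {target}")
    return warnings


def scan_email(html):
    """(href, warnings) for every link in the message body."""
    return [(href, link_warnings(href, text)) for href, text in extract_links(html)]


if __name__ == "__main__":
    for href, warnings in scan_email(SAMPLE_EMAIL):
        print(href, "->", warnings or "ok")
```

Run against the sample, the first link is flagged because paypal.com is only a subdomain of secure-login.net, the second because the text promises examplebank.com while the target is a bare IP address, and the genuine www.paypal.com link passes. Pure typosquats (paypa1.com) are not caught by this check; that is what the "go to the site yourself" rule is for.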