Data Breaches – What They Are, Why They Happen and How to Prevent Them
Data breaches are dominating the headlines, but there is still a limited understanding among the general public of what causes them, and how devastating the consequences can be.
What is a data breach?
A data breach is an incident in which sensitive or confidential data is released to an untrusted environment, where an unauthorized individual may view or use it illegally. Data breaches can occur on many levels, from the personal to the organisational to the national, and can involve personal finance and health information, intellectual property and trade secrets, or even matters pertaining to national security.
Why do breaches happen?
Cyber attacks are the most commonly publicized examples of data breaches, with popular media propagating the idea of shady individuals hacking into corporate networks and stealing confidential data or committing fraud by circumventing banking passwords.
Less talked about, despite having equally severe consequences, are data breaches that take place “offline”, through methods such as social engineering or “dumpster diving” for improperly discarded documents.
Offline information is shared with and handled by multiple parties every day, so there are many potential points of weakness. Once confidential data is recorded in physical form, e.g. on paper, there is no undo, encrypt or delete button to reverse the action, and whoever physically holds it can do as they wish with it without the originator being aware. Whether they dispose of it securely or in a plastic bag thrown into a publicly accessible rubbish bin in a car park is out of our hands. Furthermore, in the rare cases where we do find out that data has been disposed of inappropriately, it is almost impossible to determine who exactly is responsible for the breach of trust or lapse of judgement.
In the recent case in Singapore of the ex-financial adviser who was fined for the inappropriate disposal of sensitive documents, secure disposal methods were available in the form of locked console boxes, and there were corporate policies in place requiring the return of client data. However, the importance of doing so was not stressed to employees, and the company did nothing to monitor for compliance or to intervene when appropriate procedures were not followed.
How to prevent a data breach
Companies should place more importance on secure document disposal by their employees, not only for the protection of their customers, but also for the organization itself. In the example above, the company was not held responsible, but only because the ex-adviser was an independent contractor and not considered an employee. In other words, they got lucky, particularly because, under certain circumstances, companies can be held liable for the actions of their contractors.
To prevent a data breach and the associated damaging consequences, some good practices all companies should follow are:
- Instil security awareness in end users and remind them of their responsibilities regularly.
- Create and enforce a data protection policy that includes the secure disposal of documents.
- Minimize the transfer and duplication of data.
- Restrict unauthorized and unencrypted transfer of data.
- Perform regular Security Risk Assessments.
- Employ system monitoring.
- Create secure backups of important data and update them frequently.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.