October 11, 2018
When it comes to data breach risk in the workplace, cyber criminals often get all the attention.
But research has shown that employees can be the most worrisome –and weakest – link. For example, a recent Intermedia report found that 93% of employees engage in at least one form of poor data security. You may not realize that some of your everyday office activities are putting you at risk, and even if you do, it can be easy to slip-up now and again.
One of the major mistakes companies often make when creating a prevention strategy for data breaches is taking a one-size-fits-all approach, wrote Michael Bruemmer of Experian Data Breach Resolution.
Experts have found that not every data breach fits a standard pattern. It depends on why thieves want the information.
Here are a few examples of some of the different types of data breaches on the threat horizon today.
Information thieves launch a cyber attack and copy or transmit confidential data. Identity theft motivated 53% of these breach incidents in 2015, according to Safenet-inc.com, a data protection company.The most sought-after information is personally identifiable information (PII), which can be used to open lines of credit and re-direct tax funds. Thieves also sell financial information. While credit and debit card numbers are still being targeted, new EMV chip cards protect against the conventional data breach because the cards don't share account data or any personal information.
When there’s a ‘secondary’ motive, cyber criminals hack into a website and use malware with the intention that the true target will become infected. In effect, the owner of the website is just a stepping stone to the real victim, according to the 2015 Data Breach Investigations Report.
Cyber thieves use stolen information to embarrass an organization or an individual. A good example is the high profile breach against the adultery website. Clients of the website were embarrassed by the affiliation.
Issue-motivated attacks can damage an organization’s reputation too. The hackers of the adultery website actually wanted to shut it down. Any organization is at risk for this type of attack. Environmental extremists might target an energy company. ‘Hacktivists’ might expose a company’s labor practices. While customers are not a primary target, they are often affected because their information is exposed, said Bruemmer in a recent online blog.
In 2015, ‘nuisance’ breaches accounted for a small but significant number of breaches. Information thieves stole seemingly innocuous information such as email exchanges – and then used it to harm individuals and companies. A survey from the Medical Identity Fraud Alliance found 45% of victims were harmed when their personal health conditions were exposed. Not only was it embarrassing but the information may have impacted employment and other opportunities.
Small and large organizations should be prepared for all types of data breaches.
Here are 9 common types of security risks that can put an organization in danger of a data breach and simple solutions to keep you secure.
Assess the types of customer records being stored and practice good data hygiene. Secure records that have obvious value to information thieves. Secure other records that may seem less valuable but if exposed could be used against the company or customers.
Equip devices with the best safeguards including firewalls, multi-factor authentication, encryption and up-to-date anti-virus software.
Restrict access to sensitive data, and use a comprehensive document management process.
Provide on-going security awareness training.
Update the incident response plan regularly – and practice it so everyone knows what to do when there’s a cyber attack.
Partner with a document destruction company that has a chain of custody and secure on- or off-site destruction services for both paper and digital information.
Implementing a clean desk policy can ensure your office place reduces the risk of internal fraud.
Start Protecting Your Business From Data Breaches Today
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.