Wednesday, September 11, 2019
A data breach is defined by Wikipedia as “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.” The security-focused website Norton states, “a security breach occurs when an intruder gains unauthorized access to an organization’s protected systems and data . . . [and] a security breach is an early-stage violation that can lead to things like system damage and data loss.” Typically, there are 3 common causes of a data breach: accidental, internal criminal, and external criminal.
Accidental Data Breach
- This particular type of breach is most common due to the use of ‘Cloud Computing’ and ‘Bring Your Own Device’ (BYOD). These practices increase the susceptibility to an accidental data breach. In addition, accidental data breaches can occur when a device is lost or stolen.
- For example, when an employee accidentally forgets their phone on the bus, whoever finds the device gains access to the information that device was granted access to. There have unfortunately been several cases of lost or stolen hardware being used to access sensitive information.
Internal Criminal Data Breach
- This type of criminal data breach typically involves disgruntled employees and bribery schemes. Many times, these data breaches involve employees who steal data as they are leaving the company. The website Security Boulevard describes several cases of internal criminal data breach.
- In one such example, a K-12 school district IT contractor stole a database containing information about 70,000 people when she found out she was fired. The files were stored in the cloud, and she was able to access the files remotely before school officials could close her account.
External Criminal Data Breach
- External criminal activity from hackers is widely discussed and feared throughout the cyber community. Email continues to be the biggest threat vector for phishing and malware.
- Ultimately, cybercriminals want to gain access to your personnel and financial information with the use of ransomware, allowing the criminals to sell this information.
How to Prevent a Data Breach
- Four types of data are typically targeted by cyber criminals—both internal and external. These include payment card industry (PCI) information, personally identifiable information (PII), intellectual property (including trade secrets and proprietary information), and business financial data.
- PCI and PII data breaches can impact customers, employees, and the business itself. The human and financial toll that customers and employees experience as the result of a data breach and identity theft is one and the same. It doesn’t matter if they are working for you or not; they still have to deal with the impacts of the breach.
6 Steps to Better Data Loss Prevention
- Back up your data
- Set up DLP policies and processes
- Use data loss prevention software
- Monitor for improper use of data (both internal and external)
- Monitor for account takeover behavior
- Regularly audit for data breach risks