How can you limit the risk of a data breach within your organization?
13 February, 2019
I regularly read news articles about sensitive data that ends up on the street. In fact, one Google search on “data breach” over a period of one month shows several examples, of which the “Collection #1” example is the most astonishing. In this case, no fewer than 773 million unique e-mail addresses and 21 million unique passwords became public. It is claimed to be the biggest data breach ever. And still this is just one of the many examples.
Strangely enough, this number of data breaches and their scale does not surprise me. For example, the Dutch Data Protection Authority reported that nearly 21,000 data breaches were reported in 2018. This means that every day more than 50 breaches get reported. And this is in the Netherlands alone! A quick search online tells me that the equivalent of 291 records were stolen or exposed every single second in the first half of 2018. In most cases, the cause lies with an employee of the organization. Naturally, you do not want your employees to be the cause of customer data, sensitive company information or staff personal data ending up on the street. So how can you prevent this?
Data breach in 2018: striking facts
The annual report on data breaches from the aforementioned Dutch Data Protection Authority provides interesting but shocking information. Firstly, data breach notifications increased by 109% in 2018 compared to the previous year. Chances are that this has to do with the GDPR, which has been in effect since May last year, although an effective reporting obligation has existed since 2016. But let’s start with a positive perspective: data breaches are reported more often since the introduction of GDPR.
Most common causes of a data breach
Secondly, the annual report shows what kinds of data leaks were reported in 2018. In other words, what was the cause? The cause that left all others far behind was sending sensitive information to the wrong recipient. To be precise, this was the cause in 63% of the reported cases. The remaining 37% consists of other causes, such as lost letters or mail packages and lost or stolen data carriers like USB sticks, but hacking and phishing activities are also listed. The latter category (hacking, malware and/or phishing) covers 4% of the reports and is the only one that does not lie with internal employees. As you can tell, this is a very small group, relatively speaking, especially if you consider that these causes can also be minimized by human effort.
What can you do yourself to prevent a data breach?
You can already draw some conclusions from the previous text. A couple of causes are so obvious that paying a bit more attention to them already helps a lot, because, as you have noticed, the human aspect is the largest factor in this context. When all employees in your organization are alert, you have already gained a great deal. Below are some agreements you can make with your staff to limit the risk of a data breach.
1. Lock your device anywhere.
The first rule is a simple and effective one. Sensitive information is mostly stored on PCs, laptops, smartphones and similar devices. Are you not around your device? Then lock it or shut it down completely.
2. Be responsible with passwords
Next, it is advisable to encrypt your passwords. Do you save your passwords? If so, make sure you encrypt them and store them in a protected environment. Do you save your passwords locally? Then do this via a password manager, such as KeePass. These types of managers also ask you to change your passwords on a regular basis, if they don’t already do it themselves. Is this not the case, or are you not willing to use such applications? Then make sure that you and your colleagues change your passwords regularly.
3. Keep your software and firmware up-to-date
In our blog about updating legacy software, the importance of up-to-date software was already explained. In addition to always having the latest functionalities, you are also optimally secured. Hackers mainly focus on outdated software, because they can work backwards from the update patch. That way they find the weakness of the outdated version in no time. To use a somewhat simpler metaphor: the leak in your exhaust is quickly found when you unwind the special exhaust tape. Keep your IT department focused on updating your software and prevent data leaks.
4. Always share files (with the right recipient) through a secure environment
Since the most common data leak was sharing information with the wrong person, it must be a part of the rules. To go a little deeper into this matter: if you share files, do so through a secure environment. Do not just put documents on Dropbox or a USB stick.
5. Trust nobody
This fifth and final rule may sound a bit harsh, but as far as company-sensitive data is concerned, it should be kept in mind. Malware, such as viruses, often enters via e-mail. An inattentive colleague clicks, without any bad intentions, on an e-mail that appears to be addressed to them personally, and the damage is already done.
Look carefully before you enter the digital highway
When you work with Boltrics’ Microsoft software in the cloud, you work with Microsoft Azure. In other words, you work with a cloud platform where more than $1,000,000,000 (one billion) is invested in security alone. Everything is safe there. Hopefully you are aware that the biggest risk lies in a much smaller corner. And hopefully you will spread this awareness throughout your company. In practice, all of us are going fast on the digital highway. All we need now is the theoretical part.