Why should we take data breach seriously?

27 January 2023 / in News / by Dogan Varlioglu

The General Data Protection Regulation (the GDPR) introduces the requirement that a personal data breach be notified to the competent national supervisory authority when the breach is likely to result in a risk (or, in the case of a cross-border breach, to the lead authority) and, in certain high-risk cases, that the breach be communicated to the individuals whose personal data have been affected by it.

What is a data breach?

According to GDPR article 4(12), a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed[1]. In other words, a data breach is a security incident that results in a breach of confidentiality, availability or integrity of the data that your company/organization is responsible for[2]. If this occurs, and it is likely that the breach poses a risk to individuals' rights and freedoms, your company/organization must notify the supervisory authority without undue delay, and at the latest within 72 hours after having become aware of the breach. If your company/organization is a data processor, it must notify every data breach to the data controller.

Why is data security important?

Data security has remained a prominent field in recent decades. Data can be misused at any point while it is being moved around. Globally, attention to this has increased as a result of ongoing data breaches. Therefore, it is necessary to secure data and to develop methods for doing so. In this article, we will look at the importance of data security and the guidelines for data protection.

For any business, data is a priceless resource that is generated, acquired, saved and exchanged. A corporation can avoid financial loss, reputational damage, a decline in consumer trust, and brand erosion by safeguarding it from internal and external corruption and unauthorized access[3]. Furthermore, a corporation must achieve and maintain compliance everywhere it conducts business due to regulations for data security that are imposed by the government and the industry.

How do data breaches happen?

Although it is commonly believed that an outside hacker is responsible for a data breach, this is not always the case[4]. A breach can just as easily result from a simple oversight by individuals or from flaws in a company's infrastructure.

Here are examples of how a data breach can happen:

  • Lost or stolen devices: An unencrypted and unlocked laptop or external hard drive that contains sensitive data.
  • Weak and stolen credentials: One of the easiest and most frequent causes of data breaches is stolen passwords. Too many people use common passwords, making it easy for hackers to access personal data without even breaking a sweat. You should think carefully and create something original whenever you choose a password, because even moderately secure passwords can be cracked with the help of programs that run through millions of the most popular credentials.
  • An accidental insider: An example would be an employee viewing files on a coworker's computer without the appropriate authorization. The access is unintentional, and no information is shared. However, because the data was viewed by an unauthorized person, this is considered a data breach.
  • A malicious insider: A person who purposely accesses and/or shares data with the intent of causing harm to an individual or company. The malicious insider may have legitimate authorization to use the data, but intends to use the information in nefarious ways.
  • Malicious outside criminals: This is the case of external hackers. It is important to understand what type of data breach these criminals could cause, because an attack can happen at any time. What you need to do is secure your systems and implement the appropriate tools to prevent a data breach. The following paragraphs explain how to prevent data breaches.
  • Phishing: The goal of these social engineering attacks is to trick you into causing a data breach. To trick you more easily, phishing attackers pose as persons or organizations you trust. Criminals of this kind try to coax you into handing over access to sensitive data, or into providing the data itself.

What can you do to prevent data breaches?

Everyone from end users to IT personnel needs to be involved in data breach prevention at all levels. When you are working out how to stop data breach attacks or leaks of personal data, remember that security is only as strong as its weakest link. Each user of a system is a potential vulnerability. Even kids using a tablet connected to your home network can be a risk.

How can you prevent this from occurring to your business? Is anyone nowadays actually safe? Here are some solid ways to prevent cyber security breaches at your organization:

  1. Conduct security awareness training for your employees.

Employees are the weakest link in the data security chain. Despite training, employees still click on suspicious emails that can download malware. One mistake employers make is assuming that a single training class about cybersecurity will be enough. If you are serious about safeguarding your important information, you should schedule regular classes each quarter or even monthly.

  2. Regularly update your software.

Awareness training alone will not be enough to secure your data. The software you use must also be kept up to date. Updates can enhance compatibility and program functionality while fixing security issues.

  3. Use passwords that are difficult to crack.

A strong password is the first line of defense against data breaches. Structured words mixed with capital letters and special characters can be used to create a secure password.

  4. Limit access to your vulnerable data.

By limiting who is permitted to view specific documents/files, you reduce the pool of employees who might unintentionally click on a harmful link. Expect to see all records partitioned off as organizations move into the future, so that only those who specifically require access will have it. This is one of those common-sense measures that companies probably should have been taking all along.

  5. Make sure that third parties are complying with the rules.

Every company outsources part of its operations to various suppliers. These suppliers in turn outsource parts of their business to other suppliers. This creates third-party risk. Therefore, vendor risk management and third-party risk management are fundamental to preventing data breaches. Vendor risk management programs are an all-inclusive strategy for identifying and minimizing the business risks, legal obligations and reputational damage that third parties may cause.

What type of harm can a data breach cause?

For public institutions: a compromise of data may result in the disclosure of extremely sensitive personal data to foreign parties. Leaked information about military actions, political dealings and crucial national infrastructure can pose a threat to a government and its people.

For business organizations: the reputation and financial health of an organization can be severely damaged by a data breach. For instance, data breaches have affected companies like Equifax, Target and Yahoo, and today many people associate or remember those companies for the breach incident itself rather than for their actual business operations.

For individuals: identity theft is a serious risk for those affected by data breaches. Everything from social security numbers to banking information can be exposed by data leaks. Once a criminal has these details, they can use them to commit any kind of fraud.

Even though these are typical scenarios, the damage caused by data breaches can go much further. You must therefore check to see if your data has already been compromised.

Any Questions?

Lex Digitalis is a full-service agency in the field of privacy, data and cyber security. Lex Digitalis can also advise and assist you in the field of data leaks. This includes imparting knowledge, drawing up a data breach register or a data breach procedure, preventing data breaches, assessing whether or not there is a data breach, and formulating reports to the AP and to those involved. You can contact me about this (06 – 18536230, dogan.varlioglu@lexdigitalis.nl) or one of my colleagues.

Bibliography

[1] “Art. 4 GDPR – Definitions” (General Data Protection Regulation (GDPR)) https://gdpr-info.eu/art-4-gdpr/

[2] “What Is a Data Breach and What Do We Have to Do in Case of a Data Breach?” (European Commission) https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en

[3] “The Importance of Data Security in 2022” (Intellipaat Blog) https://intellipaat.com/blog/importance-of-data-security/#no4

[4] “How Data Breaches Happen” (Kaspersky) https://www.kaspersky.com/resource-center/definitions/data-breach