The Ponemon Institute has published a report on the financial losses of organizations that occurred as a result of data breaches. The cost of stolen information in 2021 increased by 10% compared to the previous year. The total loss amounted to $4.24 million (against $3.86 million in 2020). Most often, hackers attacked customer personally identifiable information (PII).
Currently, society makes serious demands on businesses when it comes to protecting confidential data. However, breaches do happen. How to detect unauthorized access to information and what should be done in this case? Let’s discuss this in the post.
What is a data breach
If information falls into the hands of persons for whom it is not intended, they speak of a data breach. Most often, it is official or confidential information. Hackers steal personal data of employees, credit card numbers of customers, as well as information related to trade secrets.
Types of data breaches:
- Information that identifies users: names, phone numbers, emails, physical addresses, and others.
- Financial data: banking information, credit card numbers, passwords and logins that fraudsters use to steal money from bank accounts.
Examples of data breaches in companies
Robinhood is an American financial services company. The company has an application through which users invest and trade stocks.
In November 2021, 5 million user emails were stolen from the company. The scammer learned the names of 2 million Robinhood customers and demanded money for non-disclosure of information.
First of all, Robinhood turned to law enforcement with a statement about extortion of money. They then prepared and published an incident report for app users and personally contacted affected customers. The company also signed a long-term contract with Mandiant, a leader in cybersecurity. Mandiant helped Robinhood eliminate the data breach and became responsible for its data security in the future.
Social media platform, Linkedin, suffered a data breach that compromised the personal information of 165 million user accounts. The data breach — which cost the company over three million pounds to clean up — has widely been reported as the result of weak user passwords.
How data breaches happen
According to the Verizon 2022 Data Breach Investigations Report, the most popular method is criminal hacking. Hackers use phishing, brute-force attacks on data servers, spyware and malware.
Breaches also happen within companies. For example, when an employee accidentally reads information on a colleague's computer without permission. Although the access is unintentional and the "secret" is not shared, such an incident is considered a breach of data security.
There are also cases when an employee intentionally gains access in order to use the information in bad faith.
Data breach: red flags
It is time to suspect a data breach if you notice the following signs:
- Company’s confidential data appeared in the public domain (for example, on the Internet).
- Data downloads by unauthorized users were recorded within the corporate network.
- Someone tries to log into the system from suspicious devices.
- There is activity in the corporate network at uncommon times.
- System crashes, password changes and uncontrolled account lockouts are common.
- Payments in e-commerce began to give errors.
Who to report a data breach
The company must report to the appropriate organization that there has been a data breach. The organization varies depending on the location of the business and its customers. In 50 states of America, the procedure for notifying customers about a data breach incident is legally established.
On the territory of the European Union, the first to know about what happened is the DPA, a special organization responsible for the safety of personal data. The GDPR requires businesses to notify the DPA within 72 hours.
How to prevent a data breach
Now we will talk about how to prevent data breaches from happening, but not about what to do when it has already happened. You should constantly improve your data security to keep your business safe. Here are steps to take:
- Set up limited access to data. Let those people who need it have access to information. Do not give access to data to those who do not need it for the quality of their work.
- Keep the software up to date. Outdated software contains many security holes through which confidential information can leak out of the company.
- Take passwords seriously. If fraudsters find out the password to enter the system, all doors will open for them. We recommend that you change your work passwords every quarter and do not use simple combinations.
- Protect employees' personal devices. When the personal equipment of specialists is involved in the workflow, there is a risk for the business. The threat can be leveled with the help of antiviruses and VPN.
The article was originally published here.
About the Creator
Altcraft
Interesting and useful articles about marketing, our product and online communications
What Solo Travel Has Taught Me About the World – and Myself.
There are a lot of points of view out there about independent female travel - some that urge ladies to travel alone, others that question it. Actually, throughout recent long periods of habitually traveling alone as an Indian lady, I've tracked down a lot of motivations to proceed to "Express yes to the world". Why travel alone? Peruse on:
By prashant soni4 days ago in 01
The Business of Nature
Dew drops reflected the light of the sun. The inhabitants of Whispering Woods woke up to the golden droplets of water on the leaves of the flora. The oaks particularly enjoyed the light and the maples did, too. Happiness enveloped all who lived there, even the rocks that cried out in the night delighted in the morning.
By Skyler Saundersa day ago in Fiction
Comments
There are no comments for this story
Be the first to respond and start the conversation.