Data Breach Prevention

A data breach is an intentional or unintentional action in which information is stolen from a system without the knowledge of that system’s owner. Any company can fall victim to a data breach, regardless of its size. The data stolen from these companies during a breach includes confidential and sensitive information such as customer data, matters of national security and credit card numbers. Most often, whenever a company’s system is hacked and the information is shared publicly, the company’s reputation is tarnished and it loses the confidence of its clients and employees (Mitchell, 2009). The organization may also face financial losses in cases where financial records are stolen during the breach. The legislation for data breaches is different in each country. In certain countries like France, Canada, and the United States, organizations are required to notify the affected employees and customers in the event of a data breach (Stevens, 2010). Malware attacks and hacking are the most common data breach methods used across industries. However, these two methods only account for a quarter of the data breach incidents reported.

Methods of Data Breach

The data breach methods that are frequently observed include insider leak, unintended disclosure, payment card fraud, loss and theft, and unknown. An insider leak involves a company employee with privileges to access the company’s systems stealing important information. Unintended disclosure involves exposing or sharing sensitive company information through either negligence or mistakes. Payment card fraud occurs when a skimming device is used to steal data from a payment card. Lastly, in some cases, companies fail to disclose the method used to steal information, and therefore the method is unknown.

How Data Breach Occurs

Whenever an individual or a group of individuals plans to attack a company, they must consider certain factors. The most obvious consideration is the organization’s weak point. The most common weak points are its employees, its networks or its systems. To ascertain this, proper research must be carried out, which might take very long hours.

After pointing out the firm’s weakness, the next step is to attack. The attack can be either a social attack or a network attack. A social attack involves targeting the network of the firm using social engineering. An example of such a method is sending an attractive email to an employee to gain their attention, which executes malware as soon as the employee accesses it. A network attack involves gaining access to the firm’s network using the target’s weakness. Examples of such weaknesses include session hijacking, vulnerability exploration and SQL injection.

After gaining access to the organization’s network, the final step is to steal the information from the system. Data acquired from the system can either be used to blackmail the company or to initiate more attacks on the compan

Statistics

Since 2013, nine billion data records have been either lost or stolen, and of the total, only 4% were secure breaches (Gemalto, n.d.). Approximately 57 data records are stolen every second. In 2017, four hundred and ten million data records were stolen from the government, which accounted for 19.45% of the total data records stolen during the same year (Gemalto, n.d.). The healthcare sector and the financial industry also reported a large number of attacks in 2017, with 228 and 125 breaches respectively.

Practices for Securing Against a Breach

Organizations can implement various practices to protect themselves against a data breach. Patching systems and networks makes it difficult for attackers to exploit the vulnerabilities in the software. Employees should be informed about the methods of social engineering, and guidelines on how to handle such situations should also be introduced. Security measures should also be implemented by creating a process that is able to point out and address vulnerabilities in the company’s network. An effective plan for data recovery should also be put in place in case of a data breach.

Employees also need to incorporate certain practices to ensure they do not fall victim to a data breach. They need to monitor their account transactions so as to identify any strange charges. They should always be vigilant and careful about the information they share on social media. Personal computers and mobile phones should also be secured with security software, and applications should be kept up to date. Account passwords should be secured and should differ from each other. Verifying emails before opening them is also important to avoid executing malware.
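
One way to automate the email verification step mentioned above, as an added example that is not part of the original article: a Python function that reads a message's headers and returns warnings when sender authentication did not pass, when replies go to a different domain, or when an attachment type can run code. The function names, the extension list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".docm", ".xlsm", ".iso")  # illustrative list

def domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess_email(raw):
    """Return a list of warning strings for one raw message."""
    msg = message_from_string(raw)
    warnings = []
    # Trust this header only when your own mail server writes it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", auth, re.I)
        result = found.group(1).lower() if found else "missing"
        if result != "pass":
            warnings.append(f"{check}={result}")
    # Replies redirected to a different domain than the visible sender.
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        warnings.append(f"reply-to domain differs: {reply_to}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            warnings.append(f"risky attachment: {name}")
    return warnings

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.org; dkim=none; dmarc=fail
From: "Payroll" <payroll@example.com>
Reply-To: payroll@example.org
Subject: Updated salary statement
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.docm"

(constructed body)
"""
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
From: "Payroll" <payroll@example.com>

(constructed body)
"""
```

An empty list means none of the three checks fired; it does not prove the message is safe.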

References

Gemalto. (n.d.). Data Breach Statistics by Year, Industry, More – Breach Level Index. Retrieved from http://breachlevelindex.com/

Stevens, G. M. (2010). Federal information security and data breach notification laws. Washington, DC: Congressional Research Service.
