What is a data breach?

Posted on August 16, 2017

A data breach occurs when any sensitive information is exposed, whether maliciously or innocently, to an unauthorized source. Hackers and viruses may instinctively come to mind when you think of a data breach, but employees meaning no harm can also be risks for breaches.

Despite increased awareness and technological developments, approximately 62 data breaches occur every second, according to the Breach Level Index(link is external). Knowing your company’s weaknesses can help to prevent devastating losses.

The Three Most Common Data Breaches

The three most common types of data breaches are physical, electronic and skimming. Depending on your company, you might be more at risk for certain breaches rather than others.

  • Physical: A physical data breach occurs much like you might imagine—physical records or devices containing data are stolen—a laptop, mobile device, file cabinet, hard drive, point-of-sale equipment, etc.
  • Electronic: Electronic data breaches are the malicious obtaining of data through a system or network via web servers or web sites.
  • Skimming: Skimming is the process of recording the information from the strip on the back of credit cards. An external device can be added to a piece of point-of-sale equipment (usually without the merchant’s knowledge), or an employee who takes the card can scan it on a skimming device without your knowledge.

Other Types of Data Breaches

While less common, these other types of data breaches can be no less dangerous or costly.

  • Uninformed employees: Checking work emails from an unsecured mobile device, leaving a laptop in a car, not closing out of application windows when the user has finished and not changing passwords regularly seem like harmless actions, but these leave your company susceptible to malicious attackers. Hold seminars or send protocol updates to make your employees aware of the holes that their habits might leave for cyber criminals. Many employees are also victims of phishing; train your employees on how to detect a suspicious email, and have them report it directly to your Information Technology (IT) department as soon as it is received (without clicking any links or giving the sender any information).
  • Malicious insiders: Insider threats are considered to be one of the biggest risks to cyber security. Some of these are innocent, or the employee does not realize the consequences of being careless with security, as explained above. Some employees, however, have malicious intent; as employees who undoubtedly already have access to at least some of your company’s data, it can be very easy for them to gain access to sensitive information. Take special care to promptly remove access for any terminated employees. Limit the access given to all files, folders and systems to just those who need it.
  • Third-party service providers: If your company uses a third-party to provide cloud storage, accounting, maintenance or any other countless services, your information could be vulnerable via their systems. Make sure to choose reputable companies when doing business and go over security protocols. If you discontinue use with a provider, be sure to disable any account permissions, if they had any.

Combatting Data Breaches

The effects that a data breach can have on your company greatly depend on many factors, including but not limited to: the size of your company, the type of data breach and the severity of the attack. Know your weaknesses, train your employees and outfit your company with the best technology to protect your data.

Contact Centric Business Solutions at (877) 902-3301 for help implementing IT and document management solutions that will help protect against some of the most common types of data breaches.