What is a data breach?
Data breaches are a significant issue that many businesses have faced and will continue to deal with in the future. A data breach occurs when there is a loss of, or unauthorised access to, sensitive personal information. You need to inform the Office of the Australian Information Commissioner if your company has been affected by a data breach. This is a mandatory obligation under the Privacy Act 1988 (Cth) in order to comply with the Notifiable Data Breaches Scheme.
What are the different types of data breaches?
Data breaches come in all shapes and forms: a physical breach, a cyber attack or a genuine mistake. So what are some examples of data breaches?
Cyber breaches
Malware
A malware breach occurs when a user downloads malicious software onto their system. This allows scammers to gain access to the system and any sensitive data such as credit card details, personal details, passwords and even access to your accounts, such as a bank account. One type of malware is called ‘Ransomware’, where you receive a message from someone saying you need to pay them a ransom before they will unlock your computer. They can even impersonate the police and pretend that you have committed a crime or need to pay a fine before they let you regain access to your computer.
Social Engineering
Social engineering is a type of data breach in which someone impersonates a person with authority or an organisation and manipulates a victim into sending sensitive information and data. For example, a person could pretend to be an IT expert offering to help your business protect its data, when the offer is really just an excuse to gain access to sensitive information.
Phishing is a specific example of social engineering. Phishing is something that occurs largely via email and attempts to gain access to passwords and other personal information through the use of fraudulent links or attachments.
Physical breaches
Not all types of data breach involve online hacking or attacks. A breach can also involve the physical loss or theft of data. Someone can misplace a physical file, a laptop or even a USB drive, which leads to a breach of data. That physical object can hold a high volume of sensitive data and information, so when it is lost, it creates a data breach because you do not know who has it or where it went.
Human Error
Data breaches can also occur through genuine human error. This is when an employee accidentally sends sensitive data to someone who is not authorised to receive it. For example, an employee could accidentally send an email containing information and data that the recipient should not have access to. With the right training and education, this type of data breach can usually be avoided.
How can you protect yourself and your company?
So, what steps can you take to ensure you and your company are better protected from data breaches?
- Prepare a data breach response plan
- Have a data breach policy
- Have a privacy policy
- Educate and train your employees
Click here for more detailed advice from the Australian Cyber Security Centre on how to prevent data breaches. You can also report a data breach by clicking here.
Concluding thoughts
Thus, data breaches present themselves in many different shapes and forms. They can be physical or cyber breaches or even a simple human mistake. What is important is understanding how to prevent them and better protect yourself and your company. If you have any doubts about your privacy policy, talk to a privacy lawyer today.