Data Breach 101
Even the Pentagon isn’t immune to data breaches. Julian Assange, Chelsea Manning, and Edward Snowden are now either in exile, in prison or incommunicado: Assange is holed up in the Ecuadorean embassy in London, Manning (formerly known as Bradley) is living in prison as a woman, and Snowden is hiding out in Russia.
They’ve all made headlines for colossal U.S. security breaches, but the three cases really revolve around data breaches. And while it’s unlikely your business will ever be involved in a data breach affecting international security, a data breach is something your business should be informed about – and protected from. This post outlines what a data breach is, how they happen, why you should take action, and how.
Data breach defined
A data breach occurs when secure, sensitive or confidential information is accessed by unauthorized entities. This data could include addresses, e-mail accounts, passwords, credit card numbers, financial data, medical files, photos, corporate documents, intellectual property and more.
How breaches can happen
The list of data breach causes is long and continues to grow larger. Some of the many examples include:
- Lost or stolen hardware
- Lost or stolen external storage devices such as hard drives, flash drives and discs
- Hackers (of email, networks, mobile devices, social media accounts, etc.)
- Viruses, malware and other bad stuff used by said hackers
- Employees who cause breaches by leaking corporate data either intentionally or accidentally
An incident doesn’t have to involve high tech methods to qualify as a breach. Even if one person views secure information on a screen from over your shoulder, it can be classified as a breach.
Why a breach can harm your business
As outlined in an earlier blog, the costs of a data breach can be high. Dealing with a breach could cost your business in terms of productivity, data recovery and security bills, legal fees, intellectual property secrets, current and future customers and the trust of your clients, partners and suppliers. Your breach could also violate privacy laws or industry compliance standards.
What to do if you suffer a breach
First, assess which data was breached and if possible, how and by whom. Make a list of affected parties to notify. Reassure your clients and business partners by notifying them promptly and thoroughly. Alert your financial institutions to look out for suspicious activity on your business accounts. Assess whether your breach has violated any laws or industry regulations. You may want to consult legal advice to be on the safe side. And of course, get moving on data recovery and improving your data and network security.
If your business is the victim of a breach
If one of your partners or suppliers suffers a breach, don’t assume it won’t affect your business. Change your major passwords and notify your financial institutions to keep an eye open for abnormal transactions. If customers were affected, you should notify them about the extent of the breach and what risk is posed.
How to prevent a data breach
There are many steps you can take to prevent a breach, including:
- Creating a security policy that includes password and bring-your-own-device (BYOD) guidelines.
- Developing a disaster management and recovery plan.
- Reviewing who has access to sensitive data.
- Storing and locking devices safely and wiping used ones before discarding or recycling them.
- Shredding old paper documents.
- Securing your Internet and wireless networks.
- Keeping all your software updated, including anti-virus programs.
- Employing tools such as mobile device management software, backup and recovery systems, encryption and virtual private networks to protect your IT systems.
Products like Bell’s Total Protection offer considerable value since they include many security features in one package.
The bottom line
A potential data breach at your business probably wouldn’t be the top story on global news sites, but it does present enough potential risks to your business to warrant taking preventive measures today.
How did you recover from a data breach at your business? What have you done to prevent further breaches? Have your say in our comments section below.