FAQ

The 5 most common types of data breaches include:
1. Phishing – A malicious email can disguise itself as being sent from a trusted sender. Once they have gained the user’s trust, they start asking for personal information such as credit card details, passwords, and birth dates.
2. Password breaches – Numerous individuals and organisations still use easily guessable passwords which make them a vulnerable target. By obtaining these credentials, hackers can give themselves unrestricted access to do whatever they wish.
3. Ransomware – In the case of ransomware, data is often not exposed but rather encrypted and inaccessible until a ransom is paid. Sometimes when a ransom isn’t paid, the encrypted information gets leaked onto the black market or hacker forums.
4. Human error – These breaches are often the result of human mistake and can take on many forms such as accidentally misplacing a file or sending data to the wrong person. These acts can often result in millions of dollars’ worth of damages.
5. Physical breach – Whilst most breaches involve digital records, physical records can also be exposed without data protection. A thief stealing an employee’s laptop or losing your company phone on the train can all cause physical records to be stolen.

The most common way a data breach occurs is stolen or weak credentials. The vast majority of people reuse their passwords for different platforms and when cybercriminals have these credentials, they can use brute force methods to attempt logins until a match is achieved. The most common way a data breach occurs is stolen or weak credentials. The vast majority of people reuse their passwords for different platforms and when cybercriminals have these credentials, they can use brute force methods to attempt logins until a match is achieved.

Companies can implement a number of methods to reduce the chances of being breached. Employees should be trained with best practices, so they have a solid understanding of what to look out for and the basic safeguards to securing company data. Passwords should be frequently changed and stored in a safe place, and wherever possible, multifactor authentication should be set up. All software should be running the latest updates so any vulnerabilities are patched up on a continuous basis.

First determine where the breach has occurred and isolate the affected systems by disconnecting it from the internet. From there, establish what data was stolen and who was impacted. Your cybersecurity team should be called in to assist with security patches and implementing new defences to ensure the method the hacker used won’t occur again. If you have cyber insurance, then you’ll also have to notify your provider as they can assist with covering a portion of the damages and assist in identifying future breaches. The most important thing is to inform your employees and customers of the breach, so they know that they’ve been affected. It’s also worthwhile to set up a hotline to help with answering questions that affected individuals may have.

Data owners are responsible in upkeeping and maintaining security over data. Any organisation that suspects they have been breached must report the security incident to the Office of the Australian Information Commissioner or face a $1.7 million penalty.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.