Data Breaches. Are you at Fault?

In most cases, data breaches are the result of a combination of both poor company processes and human error. Now we are not saying that improved processes can prevent all breaches, but there are some sensible measures which we can all take to reduce the risk, both at work and in our personal lives.

The Basics – This might sound obvious, but probably the most important thing is to not leave your work laptop at your local café. The number of data breaches caused by lost or stolen digital devices is a growing problem. In Hong Kong in 2017, two laptops belonging to the Electoral Office were stolen at Asia World-Expo. This carelessness compromised the information of 3.78 million registered voters. Furthermore, if you are working at the local café, don’t use the public Wi-Fi. Either connect through your phone or, if you must use the Wi-Fi, use a VPN. The security on public Wi-Fi networks is often lacking or entirely absent, sometimes deliberately, leaving you open to a whole host of attacks.

Email – Sending an unencrypted email containing sensitive information to the wrong recipient is another common cause of data breaches. For example, in 2018, the personal information of over 21,000 people associated with the US Marine Corps was compromised due to an unencrypted email being sent to the wrong recipient list. Getting an email encryption service is a way of securing sensitive information over email.

Email is also the most common form of entry for hackers. According to Verizon’s 2021 Data Breach Investigations Report (DBIR), nearly all phishing attacks arrive by email. Check your emails. Do they look suspicious? Are they asking you for information urgently or sending you to another website? These types of emails are a key indicator of a phishing campaign. John Podesta and his team were hacked in this way in the run-up to the US presidential election in 2016.

Software Updates – This is becoming less of a problem now, with most systems automatically prompting us when an update is available, or simply updating themselves in the background. But it is still important to make sure all systems connected to the internet are fully updated. Think of this as maintaining online hygiene. Some of the most significant data breaches in recent memory have occurred because of older versions of software not being updated. The infamous Equifax breach in 2017 was the result of an unpatched vulnerability.

Passwords – One that most of us can improve upon. Use strong, cryptic passwords that are hard to guess. Store your passwords in a safe, encrypted portal or a password manager.

Are We Learning to Deal with Data Breaches?

The top decision-makers in large companies are gradually becoming more involved in the cybersecurity process. According to a 2019 Experian report, 54% of executives and 39% of directors were engaged in planning responses for data breaches. These figures need to improve further – if top executives are not involved, it can give the impression that cybersecurity is not important.

Many people are simply too busy to worry about best security practices at work. And the belief that it’s someone else’s job can sometimes be used as a convenient excuse to shirk personal responsibility. Worse, not reporting something as suspicious or missing due to fear of reprisal from higher up is a worrying tendency which can afflict certain organizations. With regulations such as GDPR making it mandatory to notify the supervisory authorities within 72 hours, this behavior is declining. Companies have needed to change their incident response plans and internal security procedures to make sure these reporting requirements are met.

Different generational approaches to cybersecurity may also pose a problem in dealing with data breaches. Engagement with all generations is a must in improving security culture. The assumption is that younger workers brought up in the Digital Age should be more responsive to cybersecurity responsibilities, but this may not be the case.

On a personal note, outside of work, the sheer volume of data and potential hassle can be intimidating. The best approach is to start step by step, concentrating on the most important and sensitive items. The main risk is mixing the important stuff with the casual. A lack of organization will naturally lead to poor online hygiene.

The StayPrivate Team
