In today’s world, the fear of a data breach is at the forefront of every business executive’s mind. Protecting your sensitive data is critical to the lifeline of your company. According to research conducted by Orion Security Experts, there are a number of common causes of data breaches. Let’s go through a few.
Most Common Causes of Data Breaches
Physical Loss or Theft of Devices
This is arguably the most straightforward of the common causes of data breaches. However, there are many different ways that this can occur. It could be that any one of your laptops, external hard drives, or flash drives has been damaged, stolen, or misplaced. This kind of physical data breach is difficult because each device that is now out of the control of its original owner potentially exposes multiple types and pieces of data.
The great news is that there are some ways to protect yourself and your organization from suffering any significant data breach from a lost or stolen device. These ways include:
- encryption of devices
- keeping your devices with you or in a secure, locked location
- regularly backing up your devices
- locking your devices when they are not in use, so that a password is needed to access them again
The phrase “keep your friends close, and your enemies closer” could not be more relevant. Internal causes of data breaches can be broken down into two broad categories: accidental and intentional. Here are a few reasons that data breaches can occur from within an organization.
- Accidental Breach (or, Employee Error) – According to the 2014 Data Breach Investigations Report released by Verizon, this accounted for less than 2% of all causes of data breaches. Still, the information that employees share by mistake can be extremely sensitive. Some common examples are:
  - Sending a document to the wrong recipient – According to the survey conducted by Verizon, this was the most common type (44%) of data breach resulting from a mental error.
  - Not understanding security protocols and procedures
- Intentional Breach (or, Employee Misuse) – This can happen for a number of reasons, including:
  - Getting around permissions or protocols that are in place
  - An ex-employee or contractor who is disgruntled causes problems
To best protect yourself from threats to your security caused by either unintentional or intentional employee actions, there are a number of recommended controls you can put in place, including:
- Keep a record of your data, and know who has access to which parts of it
- Maintain audit trails that show file chain of custody
Weak Security Controls:
It is no surprise that this is among the common causes of data breaches. Still, there are a number of ways in which weak security controls can take place within the workplace, including:
- Not enforcing security policy on mobile devices – Orion’s Security Partner Sophos named this as one of the 7 Deadly IT Sins organizations are facing today.
- Overly complex access permissions – Incorrectly managing access to applications and different types of data can result in employees being able to view and transport information they don’t need to do their jobs.
- Weak and Stolen Passwords – While hacking and malicious attacks are often the top concern for protecting an organization’s data, more often than not a weak or lost password is the vulnerability that is being exploited by the hacker. When devices such as laptops, tablets, cell phones, computers and email systems are protected with weak passwords, hackers can easily break into the system. This exposes subscription information, personal and financial information, as well as sensitive business data.
Some quick tips for controlling these types of risks are:
- Enforce password policies
- Enforce lockout policies
- Have role-based access controls that are based on a user’s need to know
And just like that, controlling these risks is easy enough once they are understood.
Operating System and Application Vulnerabilities:
Having outdated software or web browsers is a serious security concern. Every year, attack methods become more advanced and hackers increase the number of ways that they can use vulnerabilities within your system to gain access to your information. So, until that trend stops, we don’t see this cause coming off the “common causes of data breaches” list anytime soon.
There are a number of ways you can protect yourself from this, including:
- Patch ALL of your systems
- Segment your network
It is critical to your information’s integrity and security that both of these items be done.
As long as there are profits to be made, hackers will continue to try to access your information, and “Malicious Attacks” will remain one of the main causes of data breaches. There is little to nothing that can be done about the outside force that is attacking your company. According to the Verizon survey, the top attack methods used were:
- Malware (this included spyware, backdoor access points, export data, capturing of stored data, command & control, and downloader systems)
The only thing that you can do is have strong internal security systems to ensure that you are protected.
Combatting the Common Causes of Data Breaches
One thing is for sure: the single most successful way to prevent all of these causes of data breaches is through education. Make sure employees are aware of the biggest risks and are properly trained on how to handle confidential information. Our Cyber Security Awareness training can be an excellent tool for increasing the level of awareness within your organization.