A data breach is a security incident that involves the unauthorized or illegal, sensitive protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so without the knowledge or authorization of the system’s owner.
Common Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. A data breach is also known as a data spill or data leak.
If anyone who is not specifically authorized to do so views such data, the organization charged with protecting that information is said to have suffered a data breach. Most of the time, data breaches are attributed to hacking or malware attacks.
A data breach occurs when an unauthorized hacker or attacker accesses a secure database or repository. Data breaches are typically geared toward logical or digital data and often conducted over the Internet or a network connection.
A data breach may result in data loss, including financial, personal and health information. A hacker also may use stolen data to impersonate himself to gain access to a more secure location.
Data breach laws
Data breach legislation differs in every country or region. Many countries still do not require organizations to notify authorities in cases of a data breach. In countries like the United States, Canada, and France, organizations are obliged to notify affected individuals of a data breach under certain conditions.
Some Common Data breach methods
- Insider leak: A trusted individual or person of authority with access privileges steals data.
- Payment card fraud: Payment card data is stolen using physical skimming devices.
- Loss or theft: Portable drives, laptops, office computers, files, and other physical properties are lost or stolen.
- Unintended disclosure: Through mistakes or negligence, sensitive data is exposed.
- Unknown: In a small number of cases, the actual breach method is unknown or undisclosed.
How to Prevent Data Breaches
There is no one security product or control that can prevent data breaches. The most reasonable means for preventing data breaches involve commonsense security practices.
This includes well-known security basics, such as conducting ongoing vulnerability and penetration testing, applying for proven malware protection, using strong passwords/passphrases and consistently applying the necessary software patches on all systems.
Here are some steps that will help prevent Data Breaches:
- Protect Information: Sensitive information must be protected wherever it is stored sent or used. Do not reveal personal information inadvertently.
- Restrict download: Any media that may serve as an allegiance to the hackers should be restricted to download. This could reduce the risk of transferring the downloadable media to an external source.
- Ban unencrypted device: The institution should have a ban on the device that airs unencrypted. Laptops and other portable devices that are unencrypted are prone to attack.
- A good password: The password for any access must be unpredictable and hard to crack. Change of password from time to time.
- Identify threats: The security team should be able to identify suspicious network activity and should be prepared if there is an attack from the network.
- Breach response: Having a breach response plan will help in triggering quick response to data breaches and help in the reduction of harm. The plan could contain steps involving notification of the concerned staff or the agency who could contain the breach.