A data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, data.
The reported number and scale of data breaches has continued to rise. Associated threats are many, including the potential for a number of various frauds using the actual data gained from the breach, or the media awareness around the breach (e.g. phishing attempts from attackers masquerading as employees of the affected company, or regulatory authorities etc.).
If an organisation suffers a data breach, then the consequences can be dire. Financial damages can now include hefty fines from the Information Commissioner's Office (ICO) for non-compliance, and the reputational damage can be difficult to recover from.
The techniques used in many cases are often not particularly advanced. Examples include exploiting unpatched vulnerabilities, phishing campaigns, and by third party suppliers failing to secure data properly. This highlights the importance of nailing down basic security measures.
There are a number of protective measures you can take to mitigate the risk of a data breach. These can be categorised into 3 approaches:
- Use up-to-date and supported operating systems and software.
- Deploy critical security patches as soon as possible.
- Implement application whitelisting technologies to prevent malware running on hosts
.Protect the network
- Use Firewalls to protect services.
- Use an always-on antivirus solution that scans new files.
- Perform regular vulnerability assessments against both internal and external services to scan for any insecure configuration
Protect the information
- Implement a policy of 'least privilege' for all devices and services, which means that users are given only the bare minimum access rights to data/services needed to perform their daily duties.
- Use multi-factor authentication to protect sensitive information.
- Consider using password managers to help prevent password reuse between systems.
- Ensure that all services are protected by strict authentication and authorisation controls.
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow up activity as well.