Cyber security is an issue that’s more important now than ever. According to a report by CyberEdge, 82% of organisations in the UK have faced a cyber attack in the past two years.
This isn’t a threat that only faces big organisations or an unlucky few. There are dozens of incidents each day at organisations across all sectors. They might not make headline news, but they’ll have severe consequences for those involved.
But how are organisations falling victim? In this blog, we break down seven of the most common ways that data breaches occur.
1. Human error
Something as simple as including the wrong person in the Cc field of an email or attaching the wrong document to an email could cause a data breach.
We’re all liable to make mistakes – it’s human nature – but employees need to understand the most important elements of information security. Meanwhile, all staff, technical or not, need to familiarise themselves with the organisation’s security policies and procedures.
2. Malicious insiders
A core part of an organisation’s security practices are access controls. These limit the information that’s available to employees, ensuring that they can only access records that are relevant to their job.
Meanwhile, strict controls should be placed on highly sensitive information to ensure that only trusted, top-level employees can access the information.
Doing so reduces the risk of an employee deliberately breaching information, whether they’re doing that for personal or financial reasons.
3. Physical theft
Most discussions of security focus on digital data, but many organisations need to be equally concerned about the protection of physical records. This could be files stored on the organisation’s premises, records that employees print out or the devices on which information is stored.
With hybrid working becoming the norm, organisations must address the risks associated with employees keeping company laptops in their homes. Likewise, data breaches can occur if removeable devices or company phones are lost or stolen.
Ransomware is one of the fastest-growing threats that organisations face. The US reported 65,000 attacks last year, resulting in what some are calling a national security threat – and things aren’t much better elsewhere in the world.
Attacks works by infecting an organisation with malware that worms through an organisation’s systems, encrypting data and forcing the victim to halt operations that require those systems.
The criminals then issue a ransom demand to the organisation, requesting a payment in exchange for the decryption key.
Cyber security experts urge victims not to pay up, because there is no guarantee that the attackers will keep their word, but many take the risk anyway – which is why ransomware attacks remain so prolific.
Emails are a common part of our daily lives, making them a popular attack vector for cyber criminals.
Crooks might adopt the seemingly legitimate credentials of such organisations as insurers, banks, etc. to gain access to your personal information by encouraging you to click an unsafe link or download a malicious attachment.
Are you prepared for a data breach?
If your organisation is to prevent security incidents, you must be able to identify the threats you face and how they can occur.
This can be a labour-intensive task, but our risk assessment tool vsRisk does the work for you.
But by using vsRisk, you simplify the risk assessment, receiving simple tools that are specifically designed to tackle each part of the process.
This software package is:
- Easy to use. The process is as simple as selecting some options and clicking a few buttons.
- Able to generate audit reports. Documents such as the Statement of Applicability and risk treatment plan can be exported, edited and shared across the business and with auditors.
- Geared for repeatability. The assessment process is delivered consistently year after year (or whenever circumstances change).
- Streamlined and accurate. Drastically reduces the chance of human error.
We’re currently offering a free 30-day trial of vsRisk. Simply add the number of licenses you require to your basket and proceed to the checkout.
A version of this blog was originally published on 11 December 2018.