A data breach is a cybersecurity incident characterized by unauthorized data access. If private business information is mistakenly emailed to the wrong individual, that’s a data breach. If your work mobile device is stolen and can’t be wiped, that’s a data breach too. If a cyberattacker steals your data – you guessed it: data breach.
Since data breaches can be caused by mundane errors, you can bet they happen frequently. So let’s take a few short minutes to answer the question of what a data breach is, and talk about why breaches matter and how you can prevent them.
TL;DR: A data breach happens when your data is accessed without authorization. Thank goodness there are relatively easy ways to prevent this!
In general, there are two types of data breaches:
In each of these cases, the steps for managing a data breach depend on the type of data that is stolen. If Personally Identifiable Information (PII) like Social Security Numbers, birthdates, or other private information is accessed, along with a corresponding name, you’re required to follow a complex data breach notification process.
Because of the extreme amount of sensitive data collected and held by hospitals and banks, a healthcare data breach and a financial data breach are going to be some of the most complex breaches to respond to.
“Oops” data breaches may be relatively quick and easy to handle. “F***!” data breaches typically require an extraordinary amount of time and effort to fix. They’re extremely costly too.
According to the Cost of a Data Breach Report 2021 published by the cybersecurity experts at Ponemon Institute and IBM Security, the average impact of a data breach includes:
The first step to preventing a data breach is to make sure all your employees can clearly answer the question, “what is a data breach?” Since your employees will always be your last line of defense against a cyberattack, they must be able to clearly identify a dangerous situation and understand when they’ve stumbled into an “oops” type of data breach.
Since the start of the pandemic lockdowns, we here at Interplay have been pushing the idea of Zero Trust security for remote workers. To put it very simply, Zero Trust is a cybersecurity method in which your company assumes all access points are compromised and therefore fully authenticates all devices before granting data access.
According to the Cost of a Data Breach Report, companies that used a mature Zero Trust strategy experienced an average reduction of $1.76 million in costs for their breaches – so, although it takes a little bit of time to set up, Zero Trust definitely pays off.
The other extremely important data breach prevention method is phishing awareness training for your employees. Phishing awareness training helps your staff understand what a phishing attempt looks like and uses repeated testing to help them better ID red flags and avoid falling victim to an attack.
Again, the Cost of a Data Breach Report offers compelling evidence in support of phishing awareness programs: in 2021, 20% of data breaches were initially caused by compromised credentials – which are usually collected through successful phishing attacks.
Other important tactics include:
For 20 years, the friendly and knowledgeable team at Interplay in Seattle has helped business leaders across a range of industries get more out of their tech, stress-free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.