Data breach
If your business or organisation is dealing with sensitive, protected or confidential data, handling it with caution is important. After all, there is a chance that this information could intentionally or unintentionally fall into the hands of third parties. As soon as such data is copied, transmitted, viewed, stolen or used by a person who does not have permission to do so, you are dealing with a data breach.
How does a data breach arise?
A data breach can occur as a result of a security vulnerability. This allows cybercriminals to gain access to computer files containing personal data, financial information, or trade secrets. Other examples of ways in which personal data inadvertently ends up in the hands of others include:
- A business email sent to a wrong address;
- Business laptops and USB sticks that are stolen or lost;
- Discarded business computers, smartphones and tablets that are resold without being wiped clean.
Handling sensitive data
Many data breaches also arise because internal employees handle sensitive data carelessly, or because they are not aware that the information may be of interest to a third party. It is not possible to protect all information within your organisation. Make an inventory of sensitive information and handle it with care. Handling with care means, for example, not sharing the information with everyone in the organisation, and training (in Dutch) the people who work with the data. When an employee is aware of the type of information they are working with and why it is important to handle it carefully, they are less likely to make mistakes or handle the data carelessly.
Tips to prevent a data breach
Naturally, you do not want your sensitive, protected, or confidential company data to be exposed. Keep company information safe and prevent it from being viewed or made public. The greater the awareness and the stricter the measures, the better. That way, if equipment is stolen or lost, the risk of business loss or a data breach is reduced. Here are some tips for preventing a data breach:
Collecting names, dates of birth, medical or financial data is made easy by various systems. But do you really need this data? Take a good look at whether the information you collect and store is relevant to your work and business processes.
The use of various systems usually means that information is stored automatically. You may be storing much more sensitive data than you actually need for your work. Take a good look at whether personal data of former customers, payment dates, or login details from the past are useful to store.
If it is necessary to give certain employees access to sensitive data, think this through carefully in advance. Keep track of which employee has access to which type of information and whether they need it to do their work.
If you are dealing with sensitive data, secure it well and store it in as few places as possible. You reduce the risk of unintentional data leaks if you store such information centrally, grant employees selective access, and keep track of which information is available to whom. Do not forget to make regular backups and to keep systems up-to-date.
Even when employees are well trained, mistakes can happen. In addition to a tight security mindset, you can also use Data Loss Prevention (DLP) software. DLP software detects potential data breaches by monitoring, detecting, and blocking sensitive data. For example, when using DLP software, you can classify and manage critical information. Unauthorised end users cannot accidentally or with malicious intent access or share data with third parties.
The use of other security measures (in Dutch), such as regular pen-testing of software, antivirus and malware protection, strong passwords, and patching, can also reduce the risk of a data breach. But to keep data breaches to a minimum, it is crucial that employees are constantly trained and aware of the risks.
Were your login details leaked?
There is a real chance that your data has been stolen or leaked. That makes you an easier target for phishing or online fraud. So, take some precautions. The steps to take if your data has been leaked depend very much on what data has been leaked. Are your login details in a data leak? Then take these steps:
- Verify through official channels with the ‘leaking’ business whether your data was actually leaked and, if so, what data was leaked.
- If your personal data has been misused (for example, a phone subscription in your name), you can report this to the Central Identity Fraud Disclosure Office (CMI). If your personal data has not yet been misused, you do not have to report to the CMI.
- Has a copy of your identity document been leaked? Then you may want to consider applying for a new identity document from your municipality as a precaution.
- If your login details have been leaked, quickly change your password for this company account. Note! If you also use this password with other accounts, you should change it there too!
- In future, never use the same password for different accounts. This is because cybercriminals use the captured login details from data breaches on other accounts in the hope that you have reused your passwords.
- In the period after the data breach, cybercriminals may try to use the captured personal details or data to make their phishing emails, helpdesk fraud or invoice fraud more convincing, for example. Be extra alert to this.
Has your account been taken over by cybercriminals after a data breach? Then read what you need to do to recover your hacked account (in Dutch).
Reporting a data breach
Always report cybercrime to the police. You may also need to notify other organisations, depending on the type of cybercrime you are a victim of. Read more about reporting a data breach.