Data Breaches: Do They Affect My Business?
With over 13 million people exposed to breaches, leaks, and mistakes in March 2018, the protection of data is becoming more and more important.
You may feel that as a business in a not very “sexy” sector, you are unlikely to be the target of criminals. You may believe your staff won’t make human errors that expose credentials. Think again. With the forthcoming GDPR legislation, fines of up to 4% of Gross Revenue can be imposed, and your information can become vulnerable for any number of reasons, no matter where it is being stored.
But it’s not just the legal requirement that should be driving senior management to focus on breaches and leaks that could affect their business. The leaks recorded over the past month affected over 13 million people and potentially caused loss of revenue, distress to staff and clients, and a loss of focus on core operations. With the growth in cyber crime at all levels, it’s more important than ever to be vigilant and proactive.
13,601,000 was the exact total number of account and data records exposed due to leaks, breaches, and mistakes in March. However, the number of people affected by any given breach frequently changes from the initial reports. For example, Equifax reported in March that 2.4 million more people were impacted by its 2017 breach, and Facebook announced the Cambridge Analytica breach potentially impacted 37 million more individuals than previously disclosed. You may ask what this has to do with you. Only six major industries were affected by large-scale breaches and data leaks in March, and six may not sound like a big number. But when you take a step back and look at the scope, you can see that breaches and leaks touched a wide cross section of where your data lives, including organizations in retail, healthcare, education, and government, as well as the technology and finance sectors.
Notable breaches by industry included:
- Healthcare: More than 70,000 Tufts Health Plan members have had their names, addresses and member ID numbers exposed through a mailing mistake.
- Government: Over 21,000 marines, sailors, and civilians had their personal and financial information leaked after an email was sent to the wrong party by the U.S. Marine Corps.
- Retail: Walmart’s jewellery partner, MBM Company, had the personal information of 1.3 million people exposed on an open Amazon S3 bucket, and 880,000 Orbitz customers may have had their payment card information breached.
- Education: An extensive data breach at Florida Virtual School affected more than 368,000 current and former students and 2,000 teachers.
With the increased use of email as a communication tool, the number of data leaks due to mailing errors will only increase. As the numbers listed show, human error can lead to massive data leaks.
The top three most-exposed types of data in March were: 1) Names, 2) Addresses, and 3) Financial Information. Significant breaches included:
- 10 million National Lottery players in the U.K. were warned that their accounts, including financial information, may have been accessed in a breach.
- Applebee’s customers across 167 locations may have had their credit card information breached.
- Up to 15,000 people may have had their personal financial and health information breached through a break-in at Fresno State University.
It’s worth noting that the data exposure from March breaches wasn’t restricted to names, addresses, and financial information.
So what should you be doing about it?
Engage your staff.
Using engaging training, tools and thought-provoking activities, organisations can make staff aware of the daily cyber risks they face and suggest actions and procedures to minimise such risks.
A staff awareness programme should be an ongoing process that begins at induction and is reinforced by regular updates throughout the year and/or whenever staff-related security incidents occur.
An effective staff awareness programme should:
- Help companies identify potential problems;
- Help staff understand the consequences of their actions;
- Ensure procedures are followed consistently; and
- Ensure staff are fully aware of corporate compliance requirements for regulations and frameworks such as the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, the Network and Information Security (NIS) Directive and other cyber security requirements.
Companies like IT Governance can provide guidance and resource in many areas including general staff training.
Secondly, get external advice on your networks and systems, and look for IT suppliers that either have or are working towards ISO/IEC 27001:2013 (ISO 27001). This is the international standard that describes best practice for an ISMS (information security management system). Accredited certification to ISO 27001 demonstrates that your IT partner is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.
If you haven’t started your GDPR programme then you may be leaving it a little late. You can find more information about it in general here, and more specific information in the Guide to the General Data Protection Regulation (GDPR) produced by the Information Commissioner’s Office.
Jonas Metals and Metalogic Activities.
With seemingly new legislation being released every month and requirements like Tax digitalisation heading our way, the security of your data takes a higher and higher priority.
With this in mind, security, which has always been part of the DNA of our systems, has now been stepped up to another level.
With technologies like containerisation and the implementation of a programme to achieve ISO 27001, the security of your data is at the heart of our software design. If you have any doubts or concerns or you have an ERP system that you think might not be meeting all the challenges of the modern world then give us a call or drop us an email. We are here to help.