In our recent article Notifiable Data Breaches: It’s time to understand your risks and reporting responsibilities, we highlighted the importance of understanding the Notifiable Data Breach (NDB) legislation and how it affects your business. In this article we are exploring the common causes of NDBs and how they can be prevented.
When discussing NDBs, many people assume that they are caused by cyber threats and phishing scams. Malicious or criminal attacks accounted for 62% of the reported NDBs between April and June 2019. However, the second highest cause of breach was human error with a reported 34% of breaches being attributed to man (and woman) made mistakes.
Accidentally sharing information
This human error statistic is perhaps not surprising when you consider that, according to Microsoft, more than 58% of Microsoft 365 users accidentally share information.
The Office of the Australian Information Commissioner reported that breaches caused by accidentally sharing personal information included:
- Unauthorised disclosure (including verbal disclosure, unintended release or publication and failure to redact documents)
- Personal Information being sent to the wrong recipient (including via fax, email and mail)
- Loss of paperwork or data storage devices (including laptops and USBs)
- Failure to use BCC when sending email
- Insecure disposal
To reduce these mistakes, it is important that a business has clearly defined processes in place, especially when concerning personal information. These processes are especially relevant when dealing with personal information.
All too often businesses are unaware of their data estates and the information being stored within them. For example, a travel agent might request a copy of a passport photo page. If the company does not have the correct processes in place, this copy can be saved in data estates. By simply deleting the file once the agent had confirmed the booking, the risk of sharing information is removed.
Likewise, organisations that request 100 points of ID as part of an employment or rental property application should ensure that they have processes in place to manage how this information is sourced and stored. By not storing the information, the risk of sharing is again removed.
Improving password security
In addition to accidentally sharing information, password security – or lack thereof – can enable cyber threats and increase your risk of data breaches. Despite cybersecurity and phishing scams being commonplace, research shows that 75% of individuals use only three or four passwords across all of their accounts.
To improve security and protect your data, consider embracing Modern Desktop technology. With increased and integrated layers of security, Modern Desktop applications include protocols such as two factor authentication.
How can DBT help?
IT Security should be a major consideration for any business leader. However, whilst it might be top of mind, in many cases security is not given the attention it requires until it becomes the afterthought of an incident, or breach.
With staff focussed on delivering core tasks, relying on internal resources to ensure your IT security is effective, can be risky. Identifying a partner who has experience and in-depth IT security knowledge can limit your risk and potentially save money in the long run.
Dynamic Business Technologies have assisted numerous businesses to implement improved IT security capabilities and create clear policies and procedures for staff to follow in the event of a breach.
To create these policies, the DBT team undertake a thorough assessment of the current IT infrastructure and supporting policies, and create a detailed report identifying all risks and how to mitigate them.
Dynamic Business Technology (DBT) has been providing expert IT support and advice for more than a decade. With offices in Newcastle, NSW and regional Victoria, we offer a raft of IT services including modern desktop transformation.
DBT is an experienced and trusted IT partner with a focus on security, collaboration, communication and strategy.
If you would like to find out more about how to reduce your risk and protect key data, contact DBT today.