Unfortunately, a data breach cannot always be prevented. Hackers will try to find every hole in your security to exploit.
But often employees themselves are also guilty of careless handling of sensitive data.
What is a data breach?
We speak of a data breach or privacy leak when personal data falls into the wrong hands.
Thus, a data breach involves unauthorized or unintended access to personal data, but also the unwanted destruction, loss, alteration and disclosure of personal data. This, too, may harm the individuals involved.
Examples of data leaks: leaked computer files, a (stolen) customer list, cyber attacks, e-mail sent to wrong addresses, stolen or found laptops, discarded unformatted computers and lost USB sticks.
7 Tips to prevent a data breach
1. Make your employees (privacy) aware
Among other things, of the risks of hacking, phishing and malware. For example, you can use the information from the “check first then click” campaign of veiliginternetten.nl.
2. Secure (mobile) devices
There are several measures you can take to limit the damage in the event of a data breach due to, for example, the loss of a cell phone. These include encrypting the hard drive, using strong passwords and using multi-factor authentication.
3. Hold an internal cleanup campaign
For example, delete emails or files that are no longer needed. After all, these often contain personal data. Or clean up address books. This prevents a data breach from unnecessarily affecting a lot of personal data, and it prevents malware from spreading much further.
4. Update your software regularly
Install updates regularly and see if automatically installing updates is a workable solution for your organization.
5. Do not share data via WhatsApp
Many problems start with laziness. Simply creating a WhatsApp group and then sharing sensitive data on it is out of the question! Anyway, we do not recommend using WhatsApp for business.
6. Set the BCC as the default option in your email program
You know them: emails where 100 people are in the CC. This is not only annoying, it is also a form of data breach. With this tip, you reduce the chance of a data breach by preventing an employee from accidentally making group email addresses visible to everyone. So BCC people instead of CC.
7. Keep a list of incidents
Do this even for incidents that have not been reported to the Personal Data Authority. You can learn from the incidents, and you can demonstrate that you have visibility into the mistakes within your organization.
Reduce your appetite for data
A lot of data is being collected these days. Storage costs almost nothing anymore so why not collect all the data?
When you as an organization are faced with a data breach, a possible fine can be high. Not storing personal data or deleting it (earlier) is safer than collecting and using too much (unnecessary) data.
You always have to ask yourself: do I really need this data for my business processes? Collecting data because you can is highly irresponsible.
Make your employees aware
Most leaks occur because of human error. Therefore, make sure solutions are user-friendly.
With role-based access control, you restrict access to data based on the user’s role. Always ask the question: who should have access to what data, and why?
Almost always, the conclusion will be that not everyone should have the same access rights.
Also watch for abnormal behavior. This is where the GGD went badly wrong. Employees could export entire lists of sensitive personal data without difficulty. One way is to create a profile for each user so that anomalous behavior is more quickly uncovered.
Suppose a call center worker needs access to about ten files a day to do his job and then suddenly opens forty files a day. That is aberrant behavior, and an alarm should go off.
In doing so, be sure to safeguard the privacy of your employees.
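The per-user profile described above, sketched as an added example that is not part of the original article: each user's daily count of opened records is compared with the median of that user's own earlier days, and the alert carries only a keyed pseudonym and counts, in line with the privacy point. The log format, user names, threshold factor of 3, minimum history of 5 days and the key are assumptions, and the log lines are constructed sample data.

```python
import csv, hashlib, hmac, io
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed access log (date,user,record): not real data."""
    rows = []
    for day in range(1, 8):                      # seven ordinary days
        for n in range(10):                      # agent17 opens ~10 records a day
            rows.append(f"2024-03-{day:02d},agent17,rec{day * 100 + n}")
        for n in range(12):
            rows.append(f"2024-03-{day:02d},agent22,rec{day * 200 + n}")
    for n in range(40):                          # day 8: agent17 opens 40 records
        rows.append(f"2024-03-08,agent17,rec{9000 + n}")
    for n in range(11):
        rows.append(f"2024-03-08,agent22,rec{9500 + n}")
    return "\n".join(rows)

def pseudonym(user, key):
    """Keyed hash: analysts see a stable alias, not the employee's name."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:12]

def daily_counts(log_text):
    """Return {user: {date: number of distinct records opened}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for date, user, record in csv.reader(io.StringIO(log_text)):
        seen[user][date].add(record)
    return {u: {d: len(r) for d, r in days.items()} for u, days in seen.items()}

def find_anomalies(log_text, key, factor=3.0, min_history=5):
    """Flag days on which a user opens more than factor x their own median."""
    alerts = []
    for user, days in daily_counts(log_text).items():
        history = []
        for date in sorted(days):                # ISO dates sort chronologically
            count = days[date]
            if len(history) >= min_history:
                baseline = median(history)
                if count > factor * baseline:
                    # The alert holds counts only, never which records were opened.
                    alerts.append((pseudonym(user, key), date, count, baseline))
                    continue                     # keep the spike out of the baseline
            history.append(count)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_sample_log(), key=b"constructed-demo-key"):
        print("ALERT user=%s date=%s opened=%d baseline=%s" % alert)
```

Only someone holding the key can map an alias back to a user name, so routine monitoring does not expose who is behind an alert.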
Create a playbook
Make sure you have a playbook that defines which systems are mission-critical, who should be called in and in what order for which problems so that they are resolved as quickly as possible, and what the message should be to employees, customers and suppliers.
Make sure your employees know the procedure. Have an internal or external expert look at your network regularly and have him/her review staff reports.
Still a data breach? Time for action!