[BreachExchange] What is a breach of data protection?

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 29 18:58:00 EDT 2018


A data breach means exposure of personal information like Social Security
numbers, credit card numbers and healthcare histories, or of corporate
information such as manufacturing processes, customer lists and software
source code. If a person who is not authorized to do so sees such data,
the organization responsible for protecting that information is said to
have suffered a data breach.
If the data breach results in identity theft or a violation of government
or industry mandates, the offending organization may have to face trial.

Causes of breach in data protection

Phishing: Everybody should be aware of phishing tactics and be able to
recognize phishing scams. Implement an updated and smart firewall that will
detect and stop phishing emails.

Loss or theft of a corporate asset: Safeguard the data on your device with
encryption and get a solution that offers the ability to clear all the data
from the lost or stolen device.

Abuse by an insider: Maintain visibility into how users are accessing and
sharing data with detailed audit reports that show an entire history of
custody. Combine this with the ability to take back access to all data
or to specified files and folders for complete control of data access and

Inadvertent misuse by insider: Establish and maintain control across your
entire mobile environment with customizable policies. Limit data access
depending on each employee’s job and needs. With a solution that balances
data usage through file classification and rule-based permissions, you can
make sure that even if data is shared with the wrong person, it will not be
exposed.

External attack: To make sure that your business partner has the same level
of security as yours, create a clear set of policies. Having an agreement
with certification standards and specified requirements makes sure your data
is protected when it resides with third parties.

Loss/theft of a partner’s asset: Filter data access for third-party
vendors and business partners. Give access only to the needed files
and folders. Allowing view-only access or automatic link expiration by the
user will ensure appropriate access.