A “data breach” is now a term that is used in the cyber security industry to mean any one of a number of things. In its simplest term however, a data breach is a security violation, where sensitive or protected data is copied, transmitted, viewed, or stolen by someone without the required permissions. You may sometimes hear data breaches referred to as “leaks” or even “data spills” but these all cover the blanket term for someone accessing information that they shouldn’t be.
3 types of data breaches
Whatever you call them, data breaches usually occur as one of three types: physical, electronic, and skimming.
A physical data breach involves the physical theft of documents or equipment holding private information, such as card receipts, physical files or even physical devices like computers and hard drives.
This is sometimes referred to as corporate espionage, which is a very extreme type of data breach. For example, if an employee believed their employer was inappropriately acquiring funds, they might attempt to steal receipts to try and prove this theory. Despite the employee’s good intentions, this would be an act of corporate espionage and qualify as a physical data breach, likely leading to them losing their job and facing some serious repercussions.
Another type of breach is an electronic data breach, whereby an attack is made on the computer systems or network to gain access to where data is stored. In many cases, digital receipts of purchases are kept on a database, so attempting to steal these rather than the physical copies would be a count of an electronic data breach.
This is why it’s important to encrypt your files if you’re storing personal or sensitive information and was one of the main reasons for GDPR being introduced, helping to protect each individual’s privacy.
The third type of data breach is called skimming, which involves the capture and recording of data – most commonly the magnetic stripe data on the back of credit cards. Thankfully with the development of card readers over the years, skimming has begun to decline, but it’s still something to be cautious of when using your card in public.
Inserting your card into a corrupt ATM machine or using a card reader in a restaurant or shop could leave you vulnerable to a potential skimming data breach. Ensure you never leave your card unattended and be careful when fully inserting the card into another device.
How to avoid a data breach
Unfortunately, avoiding a data breach is often out of our hands, but there are several things you can do to keep your information safe, both as an individual and as an organisation.
As an individual:
- Never share your private details or passwords with anyone
- Shred documents or receipts once they are no longer required
- Be careful what you interact with or download online
As an organisation:
- Operate a clean desk policy to ensure all documents are stored correctly
- Identify areas where data is stored, transferred, or collected and ensure security policies are up to date and all information is properly protected
- Limit who has access to sensitive information
- Ensure firewalls and anti-virus software are up to date on all devices and restrict use of personal devices in the workplace
- Invest in cyber security awareness phishing training for your employees to encourage them to be the first line of defence against cybercrime
Find out more
If you want to find out more about how you can protect your organisation from a potential data breach, then Boxphish has a number of courses and learning journeys which can help.
At Boxphish, we are passionate about providing our users with the skills needed to identify and avoid cyber-attacks, reducing risk and protecting both the individual and the organisation. We use interactive training and real-world attack simulations to educate and train our users, with courses tailored to individual needs and industries. Click here to find out more and book your demo today.