How to Prevent a Data Breach

A data breach occurs when an unauthorized party accesses personal information stored by your company. Breaches have a variety of causes, from hackers to human error. You can prevent most of these breaches by performing a risk assessment to identify vulnerabilities and taking preventive measures.

Sensitive information is not only financial information, such as bank statements and records, mortgage documents and photos of ID cards, but also account credentials (usernames and passwords), which are highly sought-after commodities for cybercriminals. Medical information can also be compromised, including test results and patient records. Finally, company or federal information can be compromised, such as internal communications, classified records and meeting notes.

The most common cause of a data breach is hacking. There are many ways that hackers can gain unauthorized access, including social engineering attacks that trick employees into downloading malicious files. A breach can also occur when employees leave the company, especially if they leave on bad terms, and have access to confidential information on their work computers or mobile devices.

Another common cause of data breaches is a compromise of the company's infrastructure. This may be due to improper configuration of systems or a lack of regular maintenance, such as patching and updating software. This type of data breach can be prevented by implementing strong cybersecurity practices and regular maintenance.

If a data breach does happen, you should activate your cyber incident response plan immediately. Consult with legal counsel and leaders from your IT, business and risk management functions to determine the best course of action for reporting and responding to a data breach.