When your company experiences data theft, it means someone has stolen digital information to obtain confidential information, trade secrets, or other important data.
Data breaches can occur with insider data theft, malicious intent, or even when someone is simply careless inside the company.
It's important to know that all organisations that experience data theft could also face legal action, financial losses, or reputational damage.
When the GDPR (General Data Protection Regulation) came into effect, all organisations are legally required to report data breaches within 72 hours of becoming aware of the breach, to the ICO (Information Commissioner's Office).
Data breaches can have a significant impact on your organisation, including:
Some of the biggest data breaches in recent history include Yahoo, when an employee fell victim to a phishing attack in 2014, compromising more than 500 million records.
Another example is British Airways when criminals hijacked its website and injected malicious code that diverted traffic to a fraudulent site. It resulted in more than 400,000 compromised records.
Data theft doesn't always come from cyber attacks. There can be other risks to your data, including:
Many data breaches don't occur as a result of malicious intent; human error accounted for almost 90% of all incidents reported to the ICO during 2017 and 2018.
If your company's sensitive data has been stolen, you'll need to take some action.
This can include preventing data theft from continuing, discovering the extent of the damage, and cleaning up the results.
Your response will likely depend on your circumstances; you'll typically need to:
To protect your company's data you'll need to consider where it's stored, how it's accessed, and who has access to it. There are also a few other measures you can take:
Always back up important data regularly and make sure you store it off-site securely. You can add more protection by disabling USB ports, monitoring the copying of data and files to other locations, and preventing users from copying or transferring data altogether.
You can get more advice and guidance from the National Cyber Security Centre (NCSC) guide to cyber security.
Another of your security measures can include setting up an asset register. This should take into account all hardware, software and server equipment.
Be sure to audit the asset register regularly to make sure that all assets are accounted for and that your company's information is safe and secure.
Some of the technologies you should have in place include firewalls, intrusion prevention, virus protection, system monitoring, data leakage prevention, spam filtering, single sign-on, and log file consolidation.
Data theft can cost your company and often this can be prevented. Whether it's reputational damage or financial losses, you need to ensure that cyber security is a priority.
At Swiftcomm, we specialise in data security and we can help protect your company's data against cyber security attacks and data breaches. We have an in-depth understanding of various data protection technologies as well as GDPR requirements to help your company protect its data, handle any existing data breaches, and prevent future data theft.