What is a Data Breach?
A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms for the incident include unintentional information disclosure, data leak, or information leakage.
Hackers often gain access to a company’s systems using malware or viruses. These are usually incredibly complicated pieces of software that run undetected on your device, network or servers, quietly stealing data and using it for malicious purposes. Malware targets weaknesses in your hardware, operating system or software in order to steal information without detection. These weaknesses are called vulnerabilities, and they can be found through penetration testing, automated vulnerability scans or a manual search of your devices, networks or servers.
Other causes of data breaches are human error and insider misuse (including unauthorized access to personally identifiable information, financial and payment card details, and customer records), as well as the loss or theft of physical devices holding data, including portable drives, laptops, phones, office computers, product prototypes and hard disks. If your business uses a centralized system for data storage, make sure it is segmented so that a breach in one site or server doesn’t affect another.
If a breach does occur, prepare a communications plan to inform consumers about what happened and how they can protect themselves. Be clear and transparent with your audiences, and don’t make misleading statements that may put people at further risk. Make sure to have a place on your website where updates can be posted, and let consumers know they can visit the page at any time for answers.