What is a Data Breach?
A data breach is a security incident that leads to the loss, alteration, illegal destruction or unauthorized disclosure of personal information that an organization processes, stores or transmits. It can cause financial loss, reputational damage, legal liability and regulatory action.
Attackers steal an employee's work or personal device to gain access to sensitive company data, break into company offices to take paper documents and hard drives holding payment card information, install skimming devices on payment terminals to capture credit and debit card data, or hack into a service provider's network. Even a small business may have to pay large ransoms or face significant fines and penalties after a breach.
For a healthcare company, a breach may mean that some of its clients' data was exposed; if that data includes special category personal data (such as medical records), the company may also need to inform the affected individuals. Some states have laws that set deadlines for when and how affected individuals must be notified. Others have laws that determine whether the notification requirements apply to electronic or paper materials.
To prevent data breaches, the organization should have policies and procedures in place to verify the identity of users before granting them access to system resources, enforce password complexity requirements, use two-factor authentication or other methods to strengthen login security, and patch operating systems, applications and other software that have known vulnerabilities. Additionally, the organization should encrypt data at rest and in transit so that, if it is compromised, attackers find it harder to retrieve and interpret.