With GDPR lurking in the background, it has become crystal clear that having good information security pays off and not having it causes, well, over 1 billion euros in fines issued since 2018.
As of January 2022, the Netherlands comes in hot in second place for data breach reports in Europe with 92,657 reports. Germany reigns supreme with 106,731, but is that truly a number to be proud of...? Not when hefty fines are also right around the corner, with Luxembourg taking the cake with a fine of 746,000,000 euros.
Obviously, no one wants that. We'd all rather spend our money elsewhere. But organizations can be careless, think they've applied enough security or don't even realize something counts as a data leak (like loss of availability of personal data...). That makes a data leak simple business, and we would like for you to be prepared!
The best way to prepare is by downloading our free whitepaper: “Keep your organization free of data leaks” and learn the best practices.
Easy-peasy lemon squeezy: examples of data breaches that can happen
So how easy are we talking, really? Here are five examples that could happen to your organization if you fail to take the right steps:
1. Sending information to the wrong recipient
Ouch, simple yet effective and the biggest cause of data leaks: sending sensitive data to the wrong person.
- It happened to the Dutch municipality of Assen, when an employee sent a file containing the personal data of 530 people to the wrong email address. A simple mistake like auto-fill led to major consequences.
If the user had known that the wrong email address had been entered before sending, this mistake could have been avoided. An extra check regarding recipients can limit this risk of human error.
2. Email addresses of all recipients in CC
Whoever puts all addresses in the CC field makes every address in that group visible to all recipients.
This happened recently to another Dutch municipality: an email was sent with all 123 recipients in the cc. While some aren’t aware that an email address is sensitive data too, it is. In this case, the email addresses should have been kept private from everyone. This also went wrong earlier, when the Dutch Data Protection Authority accidentally used the CC button, instead of the BCC.
A check on recipients can prevent data from being shared with everyone in the recipient group. But even better: a check on recipients in the To, CC, or BCC field could help the sender be aware of what will be exposed when an email is sent.
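The recipient check described in examples 1 and 2 could look like the sketch below. It is an added example, not part of the original article or any product's code. The contact list, the internal domain, the 0.9 similarity threshold and the limit of 10 visible addresses are all assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import getaddresses

def check_recipients(msg, known_contacts, internal_domain, max_visible=10):
    """Return warnings to show the sender before the message leaves."""
    warnings = []
    known = sorted(c.lower() for c in known_contacts)
    # To and Cc are visible to every recipient; Bcc is not.
    visible = [a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if a]
    hidden = [a.lower() for _, a in getaddresses(msg.get_all("Bcc", [])) if a]

    for addr in visible + hidden:
        if addr in known:
            continue
        # A near-miss of a known contact is the typical auto-fill or typing slip.
        close = [k for k in known if SequenceMatcher(None, addr, k).ratio() >= 0.9]
        if close:
            warnings.append(f"{addr} looks like {close[0]} but is a different address")
        elif not addr.endswith("@" + internal_domain):
            warnings.append(f"{addr} is an external address you have not mailed before")

    # Many external addresses in To/Cc disclose every address to the whole group.
    external_visible = [a for a in visible if not a.endswith("@" + internal_domain)]
    if len(external_visible) > max_visible:
        warnings.append(f"{len(external_visible)} external addresses in To/Cc "
                        "will be visible to all recipients; use Bcc")
    return warnings

if __name__ == "__main__":
    # Constructed sample data: one mistyped address and a 12-person Cc list.
    residents = [f"resident{i}@mail.example" for i in range(12)]
    contacts = ["j.devries@example.org"] + residents
    msg = EmailMessage()
    msg["To"] = "j.devrie@example.org"      # missing "s": wrong recipient
    msg["Cc"] = ", ".join(residents)        # should have been Bcc
    for w in check_recipients(msg, contacts, "gemeente.example"):
        print("WARNING:", w)
```

A mail client add-in or outbound gateway would run such a check at send time and make the sender confirm each warning before delivery.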
3. Unsafe servers
It is not only important to send data securely, it should also be stored securely.
4. Weak passwords
What gives access to secure data? The credentials needed to get through security. Creating a strong password, which is difficult for hackers to guess, ensures that access can’t simply be obtained.
- In 2014, such an example hit eBay: hackers gained access to databases full of sensitive data via the credentials of 3 employees.
Create strong passwords, so you make it more difficult for malicious parties to gain access to your information. But that's not all: changing that password regularly is even more effective. Therefore, make it a habit to renew your passwords every now and then.
5. Lack of the right encryption
- Did you know NASA has been guilty of using unencrypted email? Well, now you do. According to an audit done in early 2022, NASA employees were sending unencrypted email containing SBU data, personally identifiable information, and International Traffic in Arms Regulations data, any of which could expose the Agency to a risk that can affect national security. The lack of proper encryption puts them at direct risk of compromising sensitive data. Ouch....
Encryption is one thing, but applying it properly is equally important. Zero-knowledge end-to-end encryption is a way to ensure that data remains protected. This applies to malicious parties as well as data processors.