Planning for a data breach protection plan

Considering the average cost of a data breach in 2019 hit $8.19 million and how in just the first six months of the year there were more than 3,800 data breaches, it’s essential you know the types of breaches to look out for and more importantly how to protect from them.

In this video or the transcript below learn more about data breach statistics from 2019, the data primarily at risk in a breach, how to create a data breach protection plan, and the six different types of data breaches.

Video Transcription

What Is a Data Breach

A data breach is a security incident where protected data like names, social security numbers, and financial records are accessed by or exposed to unauthorized viewers.

Data breaches can be both intentional and unintentional, and exposures can be either physical or digital.

Data Breach Data From 2019

2019 data breach statisticsTo help understand just how important data breach protection is, here are a few statistics from 2019 alone.

During 2019 the average total cost of a data breach and the average cost per document both increased from the previous year:

  • Average cost per breach: $8.19 million
  • Average cost per document lost: $242

In September of 2019, Facebook suffered a data breach where 420 million users had their phone number, name, gender, and country information stolen, and although the number is staggering, during the first six months of 2019 there were more than 3,800 data breaches in the US.

What Types of Information Do Data Breaches Target?

There’s a range of protected information types that are at risk of being compromised in the event of a data breach. Some of the most valuable targets include:

  • Personally Identifiable Information (PII) – name, phone number, address, date of birth, etc.
  • Social security number
  • Credit/debit card numbers
  • Driver’s license
  • User names/passwords
  • Protected health information (PHI)
  • Financial accounts/records
  • Legal records
  • Corporate information/intellectual property (IP)

How Many Data Breach Types Are There?

Despite the fact that they all involve the loss of sensitive information, not all data breaches are alike.

Rather than using it as a general term, data breaches can be broken down into 6 main sub-categories based on what was stolen or exposed, and how it happened:

  • Hacking
  • Denial of Service (DoS)
  • Physical theft
  • Insider theft
  • Employee error
  • Accidental exposure

Breach Type 1: Hacking

Data breach type 1 is hackingThere’s a wide range of ways for a data breach to occur, but hacking is among the most common. Protecting yourself from hacking isn’t important just because of how frequently it happens though, but also because the tactics cybercriminals use are constantly evolving.

Techniques used by hackers today include:

Malware

Malware is used as a general term for things like viruses and spyware, and is designed to directly steal data.

When a single device is infected it can spread throughout a connected system, and during a study in 2018 it was found that 92% of malware attacks come from email.

Ransomware

As the name implies, in a ransomware attack data is stolen by a hacker and held hostage in exchange for payment. Being the thief they are however, in many cases even when companies pay the ransom hackers don’t give the files back in return, meaning they get both your data and your money. In 2018, 45% of companies paid ransoms, but only 26% got their information back.

Phishing

One of the most common and classic hacking methods, in a phishing attack an email is sent impersonating a trusted sender like Amazon or UPS. When the victim clicks on a link in the email or downloads an attachment they will be unintentionally downloading a virus as well.

Breach Type 2: Denial of Service (DoS)

A Denial of Service (DoS) attack is designed to shut down a machine, network, or website by overwhelming it with requests, blocking other users and as a result making it inaccessible.

One DoS method is called a “flood attack”, where the target is flooded with more traffic and requests than it can handle, in turn causing it to slow down and eventually stop.

Alternatively, systems can be shut down when vulnerabilities are exploited to lock out actual users like employees and customers.

Breach Type 3: Physical Theft

While it may not be a group of ski-masked criminals breaking in during the middle of the night with flashlights, physical theft is a very real—and common—threat to keep in mind.

There are multiple methods thieves use like stealing hard-copy documents or plugging a USB drive in for a quick download, making it essential you ensure your sensitive information is safely stored at either an off site storage facility or in secure document management system (DMS) software.

Data Breach Type 4: Insider Theft

Breach type 4 insider theftRather than physical theft that primarily comes from external sources, with insider theft the greatest risk is employees themselves.

Working every day in the office, employees know what the most sensitive information is, where it’s kept, how it’s protected, and in some cases how to access it—as a result leaving it unprotected despite all the external protections you have in place.

Although the risk of insider theft always exists to some degree, companies can greatly decrease the chances of it happening to them by also implementing internal safeguards like tiered access controls to limit who is able to access critical information.

Data Breach Type 5: Employee Error, Negligence, Improper Disposal, & Lost Files

Like insider theft, employee error is unfortunately a risk that can’t be completely eliminated.

It includes things like accidentally sending sensitive data to the wrong person, uploading it to public locations, or misconfiguring servers where the data is stored.

With employees simply being unaware of their mistakes, the best way to ensure you avoid data breaches caused by employee error is to conduct regular training where things like hacking signs to look out for or how to safely store and manage your data can be covered.

Data Breach Type 6: Accidental Exposure

Accidental web/internet exposure breaches often occur when companies are in the middle of a migration to cloud-based systems. Their stored data is left on an exposed server and without basic protections like passwords.

To underline the importance of ensuring server security, when 420 million Facebook accounts were breached in 2019 they were found on a just a single exposed server.

Data Breach Protection and Response Plans

Data breach protection and response planningThere are five main components to a data breach protection and response plan:

  • Identification – Identify physical and cybersecurity risks to your data, and perform annual information risk assessments.
  • Protection – Implement internal and external safeguards to protect your data such as encryption, access controls, and employee training.
  • Detection – Know the signs to be on the lookout for in order to better detect breaches. 68% of the breaches today go unnoticed for months.
  • Response – Create a response plan for what to do if a breach occurs. Follow up to find how it happened for future protections.
  • Recovery – Have a data backup plan in place for replacing lost or stolen data, systems, and services. Be sure to regular test and update systems

Get Free Quotes On Data Breach Protection Services

At Shred Nations we partner with a nationwide network of document destruction and management professionals in order to provide the specific protections you’ll need for preventing data breaches.

Join Apple, Amazon, and countless other companies and organizations we’ve helped to improve their data breach protection and safely handle their physical and digital data by simply filling out the form to your right, giving us a call at (800) 747-3365, or contacting us directly with our live chat. 

Data breach types prevention tips infographic