DATA BREACH:TYPES: WHAT TO DO...

Picture credit: CIO Australia

Informed by my previous posts, I would like to take this opportunity to discuss a little about Data Breach;

Definition: Simply put, this occurs when information ( this may include sensitive, proprietary or confidential information) is viewed, used, stolen or taken from a system without authorization.

What is usually stolen: Credit card numbers, customer data, trade secrets etc all of which can amount to the Intellectual Property of organizations.

Internal data breach- Employees

External data breach- Hackers, hackers, cybercriminal organizations and state-sponsored actors

2017 notable data breaches

·        Equifax- The hackers had access to names, Social Security numbers, birth dates, addresses and driver’s license numbers. The credit card numbers of about 209,000 people and dispute documents with personal identifying information of about 182,000 people were stolen. This was the largest data breach in history.

• United States-South Korea classified military documents-  It was claimed that North Korean hackers stole over 235 gigabytes of military documents, including classified wartime contingency plans that were drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year.

• Panama Papers-  In this instance, 11.5 million documents were leaked detailing financial and attorney–client information of more than 214,488 offshore entities. This was secret personal financial information about wealthy individuals and public officials.

·        Uber Data breach- See previous posts...

Having considered the above, I guess you may be wondering, how do I protect my IP?



Picture Credit: Meetup.com

·        Develop contracts that ensure legal consequences for unauthorized disclosure, utilizing and theft of sensitive information. External vendors and contractors should also be mandated to execute such agreements. Upon exit of staff, it is important to ensure that password are changed and computers as well as personal devices do not have sensitive information

·        Systems and Networks should be patched to prevent cyber-criminality and regular security audits should be conducted. Networks should be secured with a personal or corporate VPN.

·        Educate employees on threats and guidelines on handling threat situations. Management and employees should be periodically trained on cybersecurity policies and procedures. Employees should also be instructed on what may be revealed on social media. Official confidential information should be an absolute no-no.

·        Laptops, mobile devices, desktops should be protected by updated security software. Relevant usage data should be developed for your organization’s technology.

·        Emails from unfamiliar senders should not be opened.

·        Restrict the use of personal devices by employees in the office. This should be avoided unless absolutely necessary.

·        Restrict the amount of employees with access to confidential information. Access should be granted on a need to know basis and revoked upon termination of the need.

·        A breach should be reported timeously and management of the company MUST respond immediately

Informed by my previous posts, I would like to take this opportunity to discuss a little about Data Breach;

Definition: Simply put, this occurs when information ( this may include sensitive, proprietary or confidential information) is viewed, used, stolen or taken from a system without authorization.

What is usually stolen: Credit card numbers, customer data, trade secrets etc all of which can amount to the Intellectual Property of organizations.

Internal data breach- Employees

External data breach- Hackers, hackers, cybercriminal organizations and state-sponsored actors

2017 notable data breaches

·        Equifax- The hackers had access to names, Social Security numbers, birth dates, addresses and driver’s license numbers. The credit card numbers of about 209,000 people and dispute documents with personal identifying information of about 182,000 people were stolen. This was the largest data breach in history.

• United States-South Korea classified military documents-  It was claimed that North Korean hackers stole over 235 gigabytes of military documents, including classified wartime contingency plans that were drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year.

• Panama Papers-  In this instance, 11.5 million documents were leaked detailing financial and attorney–client information of more than 214,488 offshore entities. This was secret personal financial information about wealthy individuals and public officials.

·        Uber Data breach- See previous posts...

Having considered the above, I guess you may be wondering, how do I protect my IP?

·        Develop contracts that ensure legal consequences for unauthorized disclosure, utilizing and theft of sensitive information. External vendors and contractors should also be mandated to execute such contracts. Upon exit of staff, it is important to ensure that password are changed and computers as well as personal devices do not have sensitive information

·        Systems and Networks should be patched to prevent cyber-criminality and regular security audits should be conducted. Networks should be secured with a personal or corporate VPN.

·        Educate employees on threats and guidelines on handling threat situations. Management and employees should be regularly educated on cybersecurity policies and procedures. Employees should also be charged on what may be disclosed on social media. Official confidential information should be an absolute no-no.

·        Laptops, mobile devices, desktops should be protected by updated security software. Relevant usage data should be developed for your organization’s technology.

·        Emails from unfamiliar senders should not be opened.

·        Restrict the use of personal devices by employees in the office. This should be avoided unless absolutely necessary.

·        Restrict the amount of employees with access to confidential information. Access should be granted on a need to know basis and revoked upon termination of the need.

·        A breach should be reported timeously and management of the company MUST respond immediately