Why do data breaches happen?
Data breaches aren’t just the result of cyber attacks. There can be many other causes:
Weak and stolen credentials:
Many websites use off-the-shelf software, applications and plugins, which often contain vulnerabilities that can be exploited by criminal hackers.
Common website and web application security issues include potential for injection, privilege escalation and cross-site scripting.
Designed to disrupt and gain unauthorised access to a computer system, malware encompasses Trojans, social engineering, worms, viruses and spyware.
Human error accounted for 88% of incidents reported to the ICO in 2017/18.
How can data breaches be prevented?
Data breach prevention isn’t as simple as just installing antivirus software. Your ability to avoid a breach relies on three pillars: people, processes and technology.
Start with your staff:
Improving security training for employees is the best defence against cyber attacks. Find out how you can familiarise your staff with the basics of information security.
Implement basic cyber security measures:
Cyber Essentials is a framework that is suitable for small organisations and can help prevent up to 80% of cyber attacks through the implementation of five basic controls.
Follow a proven information security framework:
Implementing an ISMS (information security management system) provides a systematic approach to protecting and managing your organisation’s information through effective risk management. It is a more comprehensive approach to information security than Cyber Essentials.
Tighten up your technology:
All organisations should have the following technologies in place:
- Intrusion prevention
- Switched networks
- Malware/virus protection
- Log file consolidation
- System monitoring
- Single sign-on
- Data leakage prevention
- Spam filtering
What makes us different
- We have an in-depth understanding of the GDPR’s requirements and how they can be met.
- We provide a complete compliance support service to help your organisation achieve GDPR compliance.
- Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
- We provide a total cyber resilience solution, comprising books, toolkits, software, consultancy, penetration testing, training and audits.
- We are the pioneer of ISO 27001, having led the world’s first successful implementation project.
- Our vast technical expertise, combined with extensive experience implementing frameworks and standards across a broad range of industries and countries, means we are unrivalled in our depth and breadth of services.
- We work with your organisation to tailor services that meet your budget and business objectives.
Find out how we can help you prepare for and respond to a data breach
1. Cyber Security Breaches Survey 2018