Businesses today are collecting more and more sensitive data and personal details to optimise customers’ online user experiences. Information such as credit card details, shopping habits and employee records is increasingly stored online and used to improve services for customers. However, if this information were to leak, it could pose a significant threat to a customer’s personal security. Data leaks and breaches are becoming alarmingly common, and there is still considerable confusion around how and why they happen. Corporate data leaks can often be traced to internal staff, with causes ranging from a disgruntled ex-employee to a structural flaw. There is also a common misunderstanding that data leaks and data breaches are the same thing. By separating them, we’re able to break down the issues and better understand why these incidents occur.
Data leaks vs data breaches
- A data breach involves an attacker stealing, viewing or using sensitive and confidential data through a vulnerability in the system, or by carrying out the kind of attack that could be prevented with the right security solution in place.
- With a data leak, it’s possible there are no obvious security holes. Instead, the data might have found its way into the wrong hands because of some irresponsible internal action or, for instance, the malicious actions of a discontented staff member.
As more businesses witness data leaks, these are three of the most common weak spots to look out for:
1. Human error
No matter how much internet security you put into a business, human error is one problem that can never be completely accounted for. A recent survey highlighted how human error or accidental loss by an employee is identified as the most common source of a potential data breach: 38% of C-Suite executives and 46% of small business owners recognised this as an area of concern. This was made apparent by an employee at supermarket giant Woolworths, who accidentally leaked thousands of customers’ details online. A misdirected email exposed the personal details of customers and the redeemable codes of over 7,941 gift cards, costing Woolworths a reported $1.3 million, not including the cost of damage to its brand. Companies need to ensure that all employees are “cyber-aware”, and that the responsibility for keeping networks secure and keeping mistakes to a bare minimum doesn’t fall upon just a few specialists.
2. Theft
Unfortunately, data theft isn’t just performed by external attackers. Disgruntled former employees are stealing data as a way of getting revenge on their former company. Thousands of such cases are happening in Australia. A prime example is BlueScope Steel, which had around 40 gigabytes of information stolen by a former employee. Once the employee became redundant, she spent hours downloading a cache of company secrets that were so business critical that emergency legal action was taken. These kinds of data leaks can be avoided by steering clear of unnecessary risks. Where sensitive documents are involved, companies should only be granting access to those who need it and are proven to be trustworthy. If companies store all their data on one giant communal server, this poses unnecessary risks and dangers.
3. Access misuse
Sometimes it is minor actions that undermine IT network security in a company and lead to data leaks, such as the misuse of information by an employee. Alarmingly, one-quarter of IT professionals share sensitive work information with friends, family, or even strangers. Although these actions aren’t viewed as being malicious or as human error, they take a company’s sensitive data outside of its control. Companies need to address these behaviours and introduce security protocols to minimise this kind of careless activity.