The Four Most Common Types of Data Breach

By Alex Chesko

According to a report published the New York State Attorney General’s office 95% of data breaches reported in NY between 2006 & 2013 fell into one of these 4 categories:

HACKING (40.78%) – The most common cause of a data breach is what most of us picture – an individual or group uses some kind of electronic means (stolen passwords, viruses, malware, etc.) to gain unauthorized access to private information on a computer or network.   Something as simple as one employee clicking on a link in a phishing email can compromise your entire network.  Hackers range from cyber-vandals and thieves looking for information they can sell or access to bank accounts, all the way up to sophisticated nation-state actors conducting international espionage and large-scale corporate theft.

LOST OR STOLEN EQUIPMENT/DOCUMENTATION (23.69%) – The proliferation of mobile technology has made businesses more agile and responsive to changing market and customer demands.  The downside to this is they are increasingly exposed to the loss of sensitive data that is stored on those very same devices.  If a laptop, tablet, phone, USB drive, or other mobile device contains customer data and is lost or stolen that data is no longer under your control.  If the device is not encrypted all of the records on it can be compromised.   If the device is used by thieves to connect to your corporate network before the loss is discovered the extent of the breach could be much wider.

INADVERTENT (20.24%) – The accidental loss of sensitive data by an employee is almost as common as the loss or theft of equipment or documentation.   When an employee is not aware of data security best practices or given an inappropriate level of access to company data they can unintentionally cause a breach.  All it takes is for the wrong file to be attached to an email, or the wrong data to be posted to a company website or social media account.  This is a growing concern as businesses are increasingly providing employees with mobile technology and encouraging their use, while often failing to properly protect them or instruct staff on their proper use.

INSIDER WRONGDOING (10.37%) – A disgruntled or former employee who has access to confidential data, or network credentials that are not disabled upon termination of employment can maliciously obtain and distribute that information.   These inside jobs can be the hardest to protect against since the individual often has (at some point) legitimate access to company data.  Once the employment relationship is severed, it is critical to disable their account access and account for any company devices in their possession.  Small businesses without dedicated IT staff sometimes delay this important step or miss it entirely.

Now that we’ve identified the most common types of data breaches you can start reducing your risk with a top down review of your own internal policies & procedures to determine where your greatest exposure lies.  Give our agency a call to discuss how a dedicated cyber liability policy can protect you from the unplanned expense of a data breach.