SECURITY BREACH
It is very common for a virus to attack our computers, and normally this is solved without major problems. But what if the virus causes a loss of your customers' information and you don't know where that data has gone? In that case, you will have suffered a security breach, and since the General Data Protection Regulation (RGPD) came into force, it has been mandatory to notify both the interested parties and the Spanish Data Protection Agency (AEPD). In this post we explain what exactly security breaches are and how they should be managed.
What Is A Security Breach?
According to the AEPD itself, a security breach is "a
security incident that affects personal data", regardless of whether it is
the consequence of an accident or of an intentional action and whether it
affects digital data or data on paper. Furthermore, these security breaches cause
the "destruction, loss, alteration, communication or unauthorized access
of personal data."
For their part, the recitals of the RGPD also
offer us a definition of a security breach, understood as "any violation
that causes the destruction, loss or accidental or illegal alteration of
personal data transmitted, preserved or otherwise processed, or communication
or unauthorized access to said data".
That is, for both the RGPD and the AEPD security breaches
are a violation of security, voluntary or accidental, which entails the loss,
destruction or manipulation of personal data stored on the attacked medium.
The ways in which these security breaches can occur are
numerous, especially in the digital environment, and range from unauthorized
modification of a database or the destruction of backup copies to cyberattacks
of different types whose objective is to access stored personal data.
Types of Security Breaches
Although we can talk about different ways to cause a
security breach, the truth is that when classifying them, there are three
specific types depending on their objectives or consequences.
Confidentiality Breach
The confidentiality breach occurs when there is
unauthorized or non-legitimate access to the data storage platform or any part
of it that may expose personal data.
Integrity Breach
The integrity breach refers to manipulations or
alterations of the original information stored in the system, producing a
substitution of data that could cause some kind of damage.
Availability Breach
The availability breach refers to those attacks that cause the
loss of access to the original data, either temporarily or permanently.
How To Prevent Security Breaches?
Although the types of cyberattacks are quite varied, there
are a series of security measures that we can take to prevent security breaches
from occurring in the company's computer systems.
Using Strong Passwords
People prefer easy-to-remember passwords; without
policies and technology to enforce proper password selection, organizations run
the danger of having passwords like "1234" as the only line of
defense against unauthorized access to confidential information. See our post:
How to create a strong password?
Therefore, develop appropriate policies and implement
technology to ensure that policies are properly enforced and that your
employees use strong and complex passwords.
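One way such a policy can be enforced in software when a password is chosen, as an added example that is not code from the original post. The minimum length, the small denylist and the function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist; a real deployment would load a large
# list of common or previously leaked passwords instead.
COMMON_PASSWORDS = {"1234", "123456", "password", "qwerty", "letmein", "admin"}
MIN_LENGTH = 12  # assumed policy value, not taken from the post


def _is_sequence(pw):
    """True if the whole password is a straight run such as 1234 or dcba."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(pw, username=""):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common_password")
    if _is_sequence(lowered):
        problems.append("sequence")
    if pw and len(set(pw)) <= 2:
        problems.append("repeated_chars")
    if username and username.lower() in lowered:
        problems.append("contains_username")
    # Count character classes present: lower, upper, digit, symbol.
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, pw)) for p in patterns) < 3:
        problems.append("low_complexity")
    return problems
```

Returning every violation at once, rather than stopping at the first, lets the sign-up or password-change form tell the employee everything that has to be fixed.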
With Double Authentication
Double authentication, or two-step verification, is not a
100% foolproof method, but it will make things harder for a hacker. It is
therefore worth considering for access to especially
confidential information.
Making Backup Copies
The purpose of a backup is to make copies of data so that we can
recover it in an emergency or after a fault. Backups allow you to
restore data from a previous point to help the business recover from an
unplanned event.
Storing the copy of the data on a separate medium is essential
to protect against data loss or corruption. This additional medium is often as
simple as a drive or USB stick, or something more substantial, like a disk
storage system, a cloud storage container, or a tape drive.
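A backup only protects against loss or corruption if the copy on the separate medium is complete and intact. The following added example, which is not part of the original post, checks a backup folder against its source by SHA-256 digest; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = _sha256(full)
    return manifest


def verify_backup(source, backup):
    """Report files the backup lacks, holds with different content, or adds."""
    src, dst = build_manifest(source), build_manifest(backup)
    return {
        "missing": sorted(set(src) - set(dst)),
        "altered": sorted(p for p in set(src) & set(dst) if src[p] != dst[p]),
        "unexpected": sorted(set(dst) - set(src)),
    }


def demo():
    """Constructed sample: a source folder and a backup with two defects."""
    files = {"customers.csv": b"id,name\n1,Ana\n", "orders.csv": b"id\n7\n",
             "notes.txt": b"ok\n"}
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "src"), os.path.join(tmp, "bak")
        os.makedirs(src)
        os.makedirs(bak)
        for name, data in files.items():
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
        with open(os.path.join(bak, "customers.csv"), "wb") as f:
            f.write(files["customers.csv"])
        with open(os.path.join(bak, "orders.csv"), "wb") as f:
            f.write(b"id\n9\n")  # corrupted copy, same size as the original
        return verify_backup(src, bak)
```

In practice the manifest is recorded when the backup is taken and stored apart from it, because the live source keeps changing after the copy is made.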
Install Antivirus
Antivirus is the best protection you can use to keep your
device and information from being lost or corrupted and to fight against
viruses. So, install good antivirus software
that gives you complete security.
Updating All Systems
System updates are critical to business performance. A
system update generally involves adding new hardware or updating software to
increase the functionality of a system. However, system upgrades also have many
lesser-known benefits, such as increased lifespan and better computer equipment
efficiency.
Here are five other reasons why you should bother updating
your systems:
Higher employee productivity.
Business growth.
Better IT support.
Improved system security.
Extended warranty.
With Device Encryption
There are many commercial and free tools available to do
this, and some operating systems even have built-in encryption capabilities. As
you probably suspect, if you're not sure whether something should be encrypted,
encrypt it. Use a good antivirus to keep
your device safe from security breaches and to have complete security.