June 17, 2018

5 Unexpected Places Where A Data Breach Can Occur

Data thieves continue to bombard organizations and individuals just about everywhere.

Last year in the United States, over 174 million confidential records were exposed. That marked a huge increase compared to just over 36.6 million in 2016, according to Identity Theft Resource Center (ITRC) statistics.

To better protect information, it’s important to understand where data breaches occur and why. While hacking and viruses play a significant role, here are 5 unexpected places where data breaches can occur.

  1. Personal fitness tracking device: The Internet of Things (IoT) is problematic because many devices lack proper security and can be intercepted by cyber criminals when connected to the internet. IoT devices range from fitness trackers and medical devices to virtual and augmented reality games such as Pokémon Go and even children’s dolls and other toys. In the workplace, there are Smart TVs and internet-connected HVAC, surveillance cameras, and lighting systems. What to do: Educate the workforce about issues. Research devices before purchasing. Set up security (change default passwords and regularly install firmware updates).
  2. Computer screen in full sight: Visual hacking is physically spying on another person’s computer screen and desk. A 3M workplace study found that 91% of attempted visual hacks were successful with hackers getting login credentials and other confidential documents. What to do: Create visual privacy policies and protocols including a Clean Desk Policy. Provide privacy filters. Restrict workplace visitors. Train employees to properly handle company data.
  3. ‘Trusted’ employee: ‘Insiders’ steal information too. Research has shown that it may be because employees are in low paying positions or they have personal financial problems. Examples are front line workers stealing patient medical data or client social security numbers that are then sold or used to commit fraud. On the flip side, trusted employees make mistakes such as sending confidential information to the wrong person or mistakenly responding to legitimate-looking (but malicious) emails – 30% of phishing emails are opened, according to a recent Data Breach Investigations Report. What to do: Provide on-going cyber security training. Corroborate suspicious emails to make sure they’re legitimate. Filter email for spam and malware. Consider a company-wide policy to use a secure file sharing system instead of email attachments.
  4. Long-time suppliers: A 2017 Beazley report showed data is often breached while under the control of third party suppliers, and together with employee error this type of breach accounted for 30% of breaches overall. What to do: Vet third parties for their security policies. Closely monitor and restrict vendor access to data. Make notification for any unauthorized disclosure of personal data a contracted agreement.  
  5. Garbage bin: It’s critical to securely destroy confidential information when no longer needed. But an ITRC report showed that employees still improperly dispose of sensitive data. Paper documents can be stolen, and data on legacy and broken-down hard drives can be recovered with special software. What to do: Partner with a document destruction company to ensure proper physical destruction of data wherever it resides. The company should have a secure chain of custody and provide secure shredding services for paper, and shearing and crushing services for hard drives and e-media.

Start Protecting Your Business 

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.