3 of the most common ways your organisation can suffer a data breach

Over the past year, cyber security experts have warned organisations to accept that data breaches are inevitable. Strong defences can help you prevent most incidents and reduce the severity of successful attacks, but they can’t stop data breaches altogether.

So, what threats should you be preparing for? Here are three of the most common.


1. Malware

Malware is often associated with card transactions, because it’s a relatively simple attack that offers direct returns in the form of financial information. But malware can be installed on any device to perform a variety of functions. There’s adware, spyware, bots, Trojan horses, viruses and worms, to name a few.

It’s often hard to know when you’ve been infected, as some malware sits on computers drawing as little attention to itself as possible. Other malware, such as ransomware, makes its presence clear, locking users’ computers and demanding payment for the decryption key.


2. Employee negligence

Employees can mess up in more ways than you can think of. For example, they could lose a laptop or USB drive containing sensitive information, misconfigure databases, accidentally disclose information or let a crook into your building to access your files.

Verizon’s 2018 Data Breach Investigations Report found that almost one in five data breaches was the result of human error.

Accidental breaches are impossible to eradicate, because people inevitably make mistakes. Sometimes it’s just negligence: the employee forgot to follow the rules. Other times, breaches are the result of miscommunication: an employee wasn’t told what to do.

Organisations can address both these failings by emphasising information security staff awareness training. It will help employees understand their security responsibilities, as well as helping the organisation understand its weaknesses and what it needs to improve.


3. Phishing

Crooks send tens of millions of phishing emails every year. These messages impersonate legitimate organisations and attempt to get recipients to click malicious links or open malicious attachments. If you fall for their scams, you hand over your personal information or allow malware to infect your systems.

Phishing attacks are often generic messages sent in bulk in the hope of catching people off guard. You might receive a message claiming to be an invoice that you need to pay, or someone pretending to be a colleague might ask you to send over a document.

Attacks often take advantage of current events. For example, in the run-up to the 2018 FIFA World Cup, millions of people received emails claiming to be from Coca-Cola, one of the tournament’s sponsors, offering a $1 million lottery prize. All you had to do was follow the link and provide your personal details.

Except there was no prize. The crooks got hold of people’s names and financial details, and off they went on a fraud splurge.

Take our survey

IT Governance is committed to helping organisations stay secure, but to do that we need your help. Please take our quick survey so we can get an overview of how organisations are training their staff and what they can do to shore up their defences.
