In the March issue of Independent Practitioner Today, Jane writes about data breaches: the reasons for them and how to avoid them.
In the non-cyber category – that is to say, ‘human error’ – we have, as the main causes:
- General breach of personal data – this includes ‘blagging’ incidents and the accidental disclosure of personal data;
- Data posted or faxed to incorrect recipient;
- Data emailed to incorrect recipient;
- Loss/theft of paperwork or data left in an insecure location.
In the cyber category, we have the following main reasons for data breaches:
- Phishing – emails with malicious links, malware;
- Unauthorised access.
In conclusion, it is errors by staff and employees that cause the majority of data breaches reported to the ICO.
Poor data handling and data management are underlying causes of the data breaches reported to the ICO, whether these breaches are cyber or non-cyber.
Errors in the use of email are a big factor behind data issues, where we see common problems such as:
- Emails sent to incorrect recipients.
- Emails with people pretending to be someone else – ‘blagging’. Blagging occurs when someone poses as a trusted individual to obtain personal information from their victim or encourage the victim to perform actions, such as a bank transfer.
- Emails containing phishing and other scams and malware. Phishing is an attack used to steal data including login details and credit card details. The attacker will generally pose as a trusted entity and dupe the victim into responding to an email or text message.
- Emails with incorrect or wrong content and referencing of individuals.
Download the full article for full details.