The risks (and preventative measures) of a data breach for businesses

As the UK continues to work from home, one crucial aspect of our new working methods – with employees scattered across regions, accessing sensitive company information from various official or personal devices – is data sensitivity.

Without our usual central office hubs, staffed with expert IT teams and potentially the previous IT infrastructure, businesses may become more vulnerable via their employees’ actions. Companies have less control over employees’ online behaviour, even down to ‘don’t click that suspicious link’, or warning against phishing emails sent to all company email addresses.

This is how a data breach could happen.

‘Data breach’ refers to unauthorised access to sensitive and/or confidential information. The most common data breaches are the result of a cyber attack in which private, sensitive and confidential data is accessed and often stolen by criminals.

Sensitive data may be the personal and/or financial information of individuals, companies, customers or employees. Most cyber-criminals target this information for monetary gain, either by using the financial information stolen or by holding sensitive data for ransom.

There are several methods that cyber criminals can use to access and extract sensitive data:

Ransomware is software that accesses sensitive data and locks the owner out of it. The cyber-criminal then demands a fee to unlock the affected files and systems. In some instances where the owner pays a ransom to regain access, the files remain locked, costing the owner both the ransom fee and the data. The Beazley Group report that the number of ransomware incidents is increasing quickly – up by 131% from 2018 to 2019 – with small and medium sized businesses accounting for 62% of ransomware attacks.

Malware (or “malicious software”) is a programme or code designed to probe systems and harm your computer or software. Malware may display as a fraudulent notification or warning that tries to convince users to download software that will steal data, lock or hijack computer functions. Your computer may be accessed by malware when downloading infected files, navigating hacked websites or opening emails on a computer or device that doesn’t have appropriate security in place.

Phishing scams are often fraudulent emails or other electronic communications that appear to be from a reputable company. They aim to trick recipients into clicking on a malicious link or downloading an attachment that will compromise the recipient’s system. Spear phishing refers to an email scam that is targeted towards a specific individual, organisation or business.

Denial of Service (DoS) is where a device or network resource is made unavailable to its owners/users by disrupting the services of the host connected to the internet. Attackers do this by attempting to overload the systems with excessive requests, which prevents legitimate requests from being fulfilled.

While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive and, sometimes, human error.

According to the Department for Digital, Culture, Media and Sport (DCMS), almost half of all UK businesses suffered a data security breach or attack between March 2019 and March 2020 [1]. More specifically, 68% of medium-sized businesses and 75% of large enterprises fell victim to a breach or attack.

With statistics showing a stark increase in data breaches suffered by businesses – small, medium and large – companies are faced with increasing pressure and responsibility to safeguard their data against such attacks and remain compliant with the General Data Protection Regulation (GDPR).

How to prevent a data breach

Thankfully, there are companies whose purpose it is to support other businesses by protecting them from data breach and helping them remain GDPR compliant.

Based here in Cardiff, Amitech IT (a Resource partner) are a leading technology and business systems provider that, for more than 20 years, have been delivering a range of IT services designed to help businesses draw the most from their software and IT infrastructure, while keeping them protected from harmful attacks and/or accidental breaches.

Among their range of services are managed security solutions that ensure their customers are protected from malicious data breaches. Amitech IT are a Sophos Gold partner, which allows them to provide a unified threat management system for entire business networks that includes end user protection for PCs, high performance security for business servers, and mobile and web security.

“Amitech IT’s managed security solution is designed to give our customers peace of mind. Our aim is to relieve customers from the time-consuming administrative burden of checking your IT security is running effectively, we do the hard work for you. Our IT Security experts can not only design, deploy and manage your IT security solution but can also provide a robust and reliable back-up and recovery solution should the worst happen.”

– Nick Williams, Amitech IT Ltd

Businesses such as Amitech IT provide a practical and valuable security solution that protects against hackers and malicious software attempting to access a company’s vital data.

Maltings Secure Shredding and The Maltings Document Storage Solutions (Resource partners) provide a range of GDPR compliant services that protect a company’s hardware from data breach.

Through their secure destruction and storage services, customers are safe in the knowledge that their archived data is stored safely and/or their obsolete IT equipment is disposed of, cleansed and recycled in a professional manner that guarantees GDPR compliance.

Their new IT Destruction service is delivered by a team with more than 40 years’ experience in professional data management services. Destruction of IT hardware with The Maltings comes with a full audit trail, including a certificate of destruction for all items.

In addition, the service complies with BS EN 15713 (Secure Destruction of Confidential Material) and ISO 27001, and is carried out in accordance with the WEEE Directive – to ensure that all IT equipment is recycled as far as possible, within the UK. None of their clients’ IT equipment is sold or exported abroad.

This new service covers a range of items used within a business setting, including but not limited to hard drives, PCs, laptops, memory sticks, servers, network switches, CCTV video tapes and telephone equipment (including mobile phones) – all of which are processed and handled with The Maltings’ core values in mind.

Security

The security of customer data is paramount to the team at Maltings Secure Shredding. They employ a security vetted team who operate using fully tracked service vehicles, bringing customer data to a fully secure facility that is manned 24 hours a day, 7 days a week, 365 days a year with extensive CCTV coverage, full perimeter fencing, security barriers and fob access-controlled entry points.

Trust

Across their extensive range of services, Maltings Secure Shredding ensure that they earn and retain the trust of their customers. They do this by maintaining the utmost level of professionalism and integrity, striving to develop and improve their methods wherever possible and by demonstrating their competence in their everyday service.

Compliance

The Maltings hold and adhere to a number of ISO certifications as well as Cyber Essentials PLUS and BS EN 15713, in the interest of ensuring that the storage and/or destruction of customers’ data is carried out in accordance with GDPR.

“It’s a great feeling to know that over 700 customers trust The Maltings with their most sensitive information. This accomplishment is thanks to the reputation we have built over 40 years of data management services and the ongoing hard work of our expert team. The team here at The Maltings do an excellent job of maintaining the highest level of security and professionalism, which helps us continue to fulfil the purpose of our company; to support businesses and help keep them protected from data breach and compliant with GDPR.”

– Andrew Partridge, Operations Manager at The Maltings Document Storage Solutions Ltd, Maltings Secure Shredding Ltd & Maltings Data Scan Ltd.



References / citations in this article

1 Cyber Security Breaches Survey 2020, gov.uk (https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020)

An earlier version of this article was originally published by our partners, The Maltings Secure Shredding, here.
