Data Breach

What is Data Breach ?

A data breach is when information that is confidential and supposed to be secure is released or exposed by intentional or unintentional events. Data breaches may include financial information such as credit card, Social Security numbers and healthcare histories, as well as corporate information, such as customer lists. If anyone who is not specifically authorized to do so views such data, the organization charged with protecting that information is said to have suffered a data breach.

Data breaches can happen for a number of reasons

• Hackers can break into a system to expose or secretly confiscate personal information.
• Political or social activists or agents can leak information, creating a breach. 
• Accidental or careless handling of devices, computers, and information systems can lead to accidental information breaches. 
• Disposing of devices can allow incidental breaches if records stay on the device even after deletion.

The exposure of sensitive data or information is also called an information leak.

How can you protect yourself from data breaches?

As security breaches are happening more and more often it is important that you know ways to protect yourself. Below we have included some tips on how this can be done:

1. Create complex passwords - Ensure a different password is used for each account you have, the more complex your password is the better, at least 8 characters long is strongly recommended. If a company has got hacked ensure you update your password for that account immediately.
2. Use a Credit Card - When buying a product online it is safer to use a credit card as this will give you greater protection.
3. Watch for fraud - When online always look out for possible fraud. Ensure this is reported to the company if you do come across a security breach.
4. Use HTTPS at all times: When submitting data ensure that HTTPS is used as this will ensure the data is sent securely.
5. Account Alerts - Ensure you set up account alerts if they are available to you. This will make you aware if your account has been hacked.

From a company’s perspective the following tips have been created to make sure your customers/employees are protected:

1. You should always make sure your customer data is stored in an encrypted database.
2. You should have multi-levels of passwords to access any database storing customer information and       change these passwords frequently.
3. You should make sure you have a Disaster Plan in place when a breach occurs.
4. You should make sure to have malware detection software running on both your servers and workstations and ensure that your firewalls are up and secure.
5. You should periodically and regularly run background checks on employees handling customer data.

There are many solutions out there today to scan and ensure that an application is less prone to a data breach. These can include 

• Static Application Security Testing (SAST) which can be integrated directly into the development environment. This enables the developers to monitor their code constantly. 
• Dynamic Application Security Testing (DAST) is then Black Box testing that can help to find certain vulnerabilities in web applications while they are running in production. This essentially uses the same techniques that an attacker would use to find potential weaknesses. 
• Software Composition Analysis (SCA) can also be used to identify any open source components in your product.