Data Breach: The risks and the preventative measures

15th Dec 2020 by Lloyd Bowen

Data breach refers to the unauthorised access to sensitive and/or confidential information. The most common data breaches are the result of a cyber attack where private, sensitive and confidential data is accessed and often stolen by criminals. Sensitive data may be the personal and/or financial information of individuals, companies, customers or employees. Most cyber-criminals target this information for monetary gain, either by using the financial information stolen or by holding sensitive data for ransom.

There are several methods that cyber criminals can use to access and extract sensitive data:

Ransomware is software that accesses sensitive data and locks down access to the owner. A fee is then demanded by the cyber-criminal to unlock these files and systems. In some instances where a ransom is paid by the owner to regain access, files remain locked, costing the owner both the cost of the ransom fee and the loss of data. The Beazley Group report that the number of ransomware incidents is increasing quickly – up by 131% from 2018 to 2019 – with small and medium sized businesses accounting for 62% of ransomware attacks.

Malware (or “malicious software”) is a programme or code designed to probe systems and harm your computer or software. Malware may display as a fraudulent notification or warning that tries to convince users to download software that will steal data, lock or hijack computer functions. Your computer may be accessed by malware when downloading infected files, navigating hacked websites or opening emails on a computer or device that doesn’t have appropriate security in place.

Phishing scams are often fraudulent emails or other electronic communications that appear to be from a reputable company. They aim to trick recipients into clicking on a malicious link or downloading an attachment that will compromise the recipient’s system. Spear phishing refers to an email scam that is targeted towards a specific individual, organisation or business.

Denial of Service (DoS) is where a device or network resource is made unavailable to its owners/users by disrupting the services of the host connected to the internet, by attempting to overload the systems with excessive requests that prevent legitimate requests from being fulfilled.

While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive and, sometimes, human error.

According to the Department for Digital, Culture, Media and Sport (DCMS) almost half of all UK businesses suffered a data security breach or attack between March 2019 and March 2020. More specifically, 68% of medium-sized businesses and 75% of large enterprises fell victim to a breach or attack.

With statistics showing a stark increase in data breaches suffered by businesses – small, medium and large, companies are faced with increasing pressure and responsibility to safeguard their data against such attacks and remain compliant with General Data Protection Regulation (GDPR).

Thankfully, there are companies whose purpose it is to support other businesses by protecting them from data breach and helping them remain GDPR compliant.

Based here in Cardiff, Amitech IT are a leading technology and business systems provider that, for more than 20 years, has been delivering a range of IT services designed to help businesses draw the most from their software and IT infrastructure, while keeping them protected from harmful attacks and/or accidental breaches.

Among their range of services are managed security solutions that ensure their customers are protected from malicious data breaches. Amitech IT are a Sophos Gold partner, which allows them to provide a unified threat management system for entire business networks that includes end user protection for PC’s, high performance security for business servers and mobile and web security.

“Amitech IT’s managed security solution is designed to give our customers peace of mind. Our aim is to relieve customers from the time-consuming administrative burden of checking your IT security is running effectively, we do the hard work for you. Our IT Security experts can not only design, deploy and manage your IT security solution but can also provide a robust and reliable back-up and recovery solution should the worst happen.” – Nick Williams, Amitech IT Ltd.

Businesses such as Amitech IT provide a practical and valuable security solution that protects against hackers and malicious software attempting to access a company’s vital data. We, at Maltings Secure Shredding and The Maltings Document Storage Solutions provide a range of GDPR compliant services that protect a company’s hardware from data breach. Through our secure destruction and storage services, our customers are safe in the knowledge that their archived data is stored safely and/or their obsolete IT equipment is disposed of, cleansed and recycled in a professional manner that guarantees GDPR compliance.

Our new IT Destruction service is delivered by a team with more than 40 years’ experience in professional data management services. Destruction of IT hardware with The Maltings comes with a full audit trail, including a certificate of destruction for all items. In addition, our service complies with BS EN 15713 (Secure Destruction of Confidential Material) and ISO 27001, and is carried out in accordance with the WEEE Directive - to ensure that all IT equipment is recycled as far as possible, within the UK. None of our client’s IT equipment is sold or exported abroad.

This new service covers a range of items used within a business setting, including but not limited to hard drives, PCs, laptops, memory sticks, servers, network switches, CCTV video tapes, telephone equipment (including mobile phones) etc. All of which are processed and handled with our core values in mind.

Security

The security of our customers’ data is paramount to us at Maltings Secure Shredding. We employ a security vetted team who operate using fully tracked service vehicles, bringing customer data to a fully secure facility that is manned 24 hours a day, 7 days a week, 365 days a year with extensive CCTV coverage, full perimeter fencing, security barriers and fob access-controlled entry points.

Trust

Across our extensive range of services, we ensure that we earn and retain the trust of our customers. We do this by maintaining the utmost level of professionalism and integrity, striving to develop and improve our methods wherever possible and by demonstrating our competence in our everyday service.

Compliance

The Maltings hold and adhere to a number of ISO certifications as well as Cyber Essentials PLUS and BS EN 15713, in the interest of ensuring that the storage and/or destruction of our customers’ data is done so in accordance with GDPR.

“It’s a great feeling to know that over 700 customers trust The Maltings with their most sensitive information. This accomplishment is thanks to the reputation we have built over 40 years of data management services and the ongoing hard work of our expert team. The team here at The Maltings do an excellent job of maintaining the highest level of security and professionalism, which helps us continue to fulfil the purpose of our company; to support businesses and help keep them protected from data breach and compliant with GDPR.” – Andrew Partridge, Operations Manager at The Maltings Document Storage Solutions Ltd, Maltings Secure Shredding Ltd & Maltings Data Scan Ltd.

LATEST BLOGS

Uses for Recycled Paper: The Practical and the Quirky
22nd Jan 2021
By Lloyd Bowen
READ MORE
Data Breach: The risks and the preventative measures
15th Dec 2020
By Lloyd Bowen
READ MORE