Data Breaches: Can We Avoid Them?

Data breaches

Data breaches are among the events companies fear most, since they discredit the company’s ability to protect its confidential data, including the personal data of its customers. While computer attacks are often to blame, data breaches are also sometimes caused by the company’s own employees. In most cases they stem from simple human error, but they can also result from data theft that a competitor of the target company has commissioned from an employee, or from an employee acting out of opportunism who sees significant financial gain in reselling the data.

No Company is Spared

All organizations, from large corporations to small businesses, as well as administrations and local authorities, are affected by data breaches. Not a week goes by without another organization being mentioned in the press for this reason. Cyber attacks, the main cause of data leakage, are also the most costly for companies, which, although victims, are liable for failing to secure customer data. This is evidenced by the £20 million and £18 million fines imposed on British Airways and Marriott for data breaches they suffered and which proved detrimental to their customers. Companies also face internal threats, often caused by human error, such as phishing, in which an employee communicates confidential data to a third party that he or she believes to be trustworthy. Here again, companies must take responsibility for educating and training their employees in good cybersecurity practices. There are also rarer cases of data leakage that are intentionally caused by the company’s own employees.

Limit the Scope of Data Breaches

Faced with these protean threats, it seems almost impossible for an organization to guarantee that it will avoid every data breach. The resounding SolarWinds affair is a reminder of this: government entities in several countries were infiltrated and countless pieces of confidential data were stolen. Six U.S. government departments, including Energy, Commerce, Treasury, and the State Department, were victims of this massive cyberattack.

Although it is nearly impossible to prevent data leakage, it is possible to limit the scope of a data breach, especially one caused by an employee, whether through a mistake or intentional data theft. Employees need access to a certain amount of critical data and resources because of their role in the company, but they may also hold access to data and resources that their jobs do not require. This is why it is essential for companies to apply the principle of least privilege, which consists of limiting the rights and authorizations of any individual on the information system to only those applications and data that are necessary for their duties. This means that any data breach originating from an employee will be limited to the data they need to access, rather than all of the company’s critical data. This is one of the principles of Systancia Gate, a “zero-trust” private network access solution that gives employees highly secure access to selected information system resources, rather than to the entire system.