New year, new you. Right? How many times have we said this going into a new year? Each January, we make resolutions to better ourselves: Eat healthy, exercise more. Spend less, save more. Reduce time on social media, focus more on living in the present. Yet, we rarely ever resolve to be more protective of our data. For 2022, let’s re-commit to data privacy and data protection best practices – at work and in our personal lives. Let’s take a look at recent high-profile attacks, common ways data breach occurs and how to prevent data breach in your organization.
As individuals, we think (hope) in our subconscious that our data is being secured by the vendors we entrust to store and manage it. The same goes for organizations of all sizes and shapes; they intend to be more proactive when it comes to data protection, information security and awareness training, but “business happens.” Before long, those organizations find themselves relying on their vendors and software to take care of the security piece.
If these measures were enough to adequately protect sensitive data, then why did we see a record-breaking total of 1,291 breaches in the first three quarters of 2021? Simple. The human aspect of security is not being addressed. This upward trend in data breaches represents a 17% year-over-year increase! Here are some of the headliners from 2021:
Android Users Data Breach
- People affected: 100+ million users
- Cause of breach: Multiple misconfigurations of cloud services leading to unprotected real-time databases used by multiple apps
- Data exposed: Sensitive and personal information such as names, email address, dates of birth, chat messages, location, gender, passwords, photos, payment information, phone numbers and push notifications
- Underlying issue: Lack of basic security practices in many applications
Thailand Visitors Breach
- People affected: 106+ million international travelers exposed
- Cause of breach: Unsecured 10-year-old database
- Data exposed: Date of arrival, full name, sec, passport number, residency status, visa type and arrival card number
- Underlying Issue: Lack of basic security practices
- People affected: 700 million users exposed (Facebook users from 106 countries, including more than 32 million records on users in the U.S. 11 million on users in the U.K. and 6 million on users in India)
- Cause of breach: Database leaked
- Data exposed: Phone numbers with the IDs listed in the data set
- Underlying issue: Vulnerability in the code of a now-defunct feature
Where is the Data Privacy Training?
The most disconcerting fact about the growing number of breaches year after year is that we live in an era where security awareness training programs are widely available, yet not being utilized. The cybersecurity training market is saturated with various providers that have developed training programs explaining how to prevent data breach. If these resources are there, then why do we continue to see headlines about data breaches? Two things are happening.
First, organizations are treating security training as a “one-and-done” training event. They deploy it, check the box and move on – leaving their users to recall information from a single 25-minute training session. This is not adequate for creating secure habits and developing a security-minded culture.
The other possibility is that organizations have purchased a program and are having trouble deploying it. “Trouble” could consist of low user engagement, limited resources to deploy the program, lack of support from the executive team and a slew of other challenges. If that’s the case, then seek out a managed services vendor that can implement your program for maximum results.
Learn basic steps for how to prevent data breach in your organization, and put them into practice. Constant reminders go a long way in securing your organization’s proprietary data. Download and share this infographic with your team today!
How to Prevent Data Breach With Fun and Engaging Education
Data breaches can be avoided with continuous and memorable training on security standards and data protection practices. A real commitment to data protection and data privacy within your organization consists of ongoing awareness campaigns, core training, phishing simulation and remediation, role-based training for highly targeted users, and assessments.
Dig in to understand the human element of learning, and deploy your program with these best practices in mind:
- Deliver engaging, impactful training in short soundbites, allowing your employees to grasp the concepts and put them to use right away.
- Utilize diversified training modalities to engage all learners and ensure retention.
- Along with traditional courseware, consider incorporating gamified training, microlearning and videos to guarantee successful knowledge transfer.
- Use assessments to measure your baseline, track improvements and identify future training needs.
Don’t let your organization become a 2022 statistic – renew your commitment to data privacy and data protection. And make training fun!
Be a Part of Data Privacy Week 2022
Data Privacy Week is January 24-28, 2022. Join this international initiative to empower individuals and businesses to respect privacy, safeguard data and enable trust. It’s a great time to better understand how to prevent data breach and re-commit to your training program. If your training is old and stale, GLS can help.
Global Learning Systems is an industry leader in comprehensive and full-service security awareness and data privacy training. Download our FREE Data Privacy Kit and learn how your organization can keep its data safe and secure.