image description

Protecting Your Business From Data Breaches

The number of data breaches divulged to the DPC (Data Protection Commission) soared by over 70% in 2018 with the introduction of the new data protection rules across Europe.

In total, the DPC was notified of 4,740 breaches during 2018, with 3,542 of those made in the months after the GDPR came into force in May.

These figures were contained in the first annual report of the DPC since the name changed from being the Office of the Data Protection Commissioner to the DPC in the middle of last year. The largest number of these complaints were related to the right of access to personal data held by others, with unfair processing of data and disclosure among the other biggest offences.

The BIG Offenders

The DPC has also opened 15 new statutory investigations between May and December last year into issues around whether large technology multinational companies were compliant with GDPR.

Seven of these investigations were focused on Facebook alone, with two looking at its subsidiary company WhatsApp and one examining an issue with Instagram, which is also owned by the social networking behemoth. After a year of data breaches and privacy scandals which have impacted the company’s share price and reputation, Mark Zuckerberg has stated that he wants Facebook to become a “privacy-focused” social network. Twitter and Apple are also subject to two ongoing inquiries each, while LinkedIn is the focus of one.

As data collection continues to become a greater part of the public conversation owing to the recent MNC scandals, GDPR regulations and privacy protections are beginning to occupy a more important place in the minds of top data manager’s alongside predictive analytics, analysis, data collection and other priorities that give data its value.

Data breaches aren’t just a problem for big business

Loco on jengo bricks

When data breaches make the news, it’s usually because they occurred at a major company as with the above example of facebook, however, the reality is that cyberattacks are much more likely to be carried out against small businesses.

This can be particularly problematic as the majority of small business owners don’t even realise how much personal information they have stored about their clients, employees, and suppliers. The average small business possesses a significant amount of data that is valuable to hackers, including:

  • Employee birthdates and Social Security numbers
  • Client names, email addresses, and phone numbers
  • Banking information & Credit/Debit card numbers

While data breaches at large MNC may yield a bigger payoff for hackers, small businesses tend to have fewer security protocols in place which makes them much easier to hack. Therefore, it is vital that these small businesses follow strict protocols to lessen the probability of a data leak.


Code of Ethics

Data privacy replaces enter on a keyboard

One mooted change to improve data security is the introduction of a code of ethics such as those applied in professions such as accounting, medicine and law. Many of the ethical principles used in these professions are cross-discipline and could be applied to data storage, corporate governance and data use also.

Many organisations plan to initiate annual reviews not unlike accounting audits to ensure compliance with these ethics guidelines and managers will also be on the lookout for bias on the behalf of data controllers.

Drawing inaccurate conclusions from data can be as harmful as having no insights at all and is a major reason for the need for a code of ethics when it comes to data usage. As one senior business intelligence leader in Google put it, “the practice of ethics helps professionals to take a step back and evaluate situations from an ethical perspective.”

Employee Training

According to a 2018 data security report published by the Wall Street Journal, 30% of data breaches last year in the United States were caused as a result of employee error.

Two people looking at a computer screenAs such a remarkable portion of data security breaches are directly caused by employee oversight, your company’s number one priority needs to be to train employees regarding how to deal with and prevent data security breaches as the best way to counter such accidental data breaches caused by uneducated employees is to educate them. With a comprehensive retraining program in place, your business can greatly reduce the risk of a data breach as a result of employee mistake. Elements which should be included to ensure a comprehensive understanding of how to maintain data security include;

  • Data Security Awareness: From the importance of using strong varied passwords to checking email links before you click them, every employee needs to have a basic understanding of the protocols which need to be followed.
  • Employee Responsibility: Each employee should have a clear understanding of what their role is in protecting the company’s data security. Instituting a list of responsibilities for each employee regarding what to do will help to eliminate confusion and enhance each employee’s understanding of how they can protect data security.
  • Specific Risks: After assessing what your company’s biggest data breach risks are, it is vital to add training elements that address specific risks specific to your company.


It is therefore crucial to upskill your team with the help of an industry expert.

Preventing Insider Abuse

Disgruntled former employees are one of the most dangerous data breach risks a company can face. Insiders possess the ability to bypass many of the security measures meant to stop outside attacks with ease because of the access credentials they possess. While stopping a data breach caused by a committed attacker with inside access can be tough, there are ways to diminish the risk and scope of the damage;

Delete unnecessary User Accounts: These can include all accounts meant for temporary workers, ex-employee’s or special extra accounts to give a permanent employee access to a specific system for a one-time job. Whatever the reason they exist, unused accounts are a data security risk that needs to be eliminated.

Restrict Employee Access: Not every employee needs to have total access to every database. By restricting access, you can limit the scope for an insider attack.

Monitoring User Accounts: Tracking account use helps to increase the traceability of the origin of a breach for compliance purposes. Using alerts to signal the security team when malicious activity is registered helps enable faster response times and can even allow you to stop a breach that’s currently in progress.

Choosing The Right Cloud Storage Provider

The majority of companies rely on cloud storage providers to back up their business data. However, you may not understand exactly how these cloud service providers are protecting your data. Checking out your cloud storage providers service agreement will enable you to understand the security measures that they have in place and whether these measures align with what you need to protect your customers

Security measures to look out for include the steps taken to safeguard your business data, who is authorised to access this data, and what happens to the data if you decide to terminate the agreement. The robustness of these cybersecurity measures should be a major factor when deciding on a cloud storage provider for your data.

Developing A Comprehensive Response Plan

Developing a comprehensive response plan empowers both employees and the employer to understand the potential impact of the breach. Employers should be transparent concerning the scope of the breach as both employees and customers want to know the truth. A well-thought-out response plan can help to limit lost productivity and prevent negative publicity.

Your response plan should begin with a thorough evaluation of exactly what was lost and when. It should also focus on finding out who is responsible. By taking swift, decisive action, you can limit the damage caused by the breach and restore your company’s public image in the event of a breach.

Naturally, the first step to take to protect your business is to build a privacy-first website.

Discuss Your Project with an Expert Today

Get in touch with a brief summary of your requirement and we’ll be happy to discuss your project in an open and transparent manner.

Request a Consultation

Related Insight Posts

2024 Essential Cybersecurity Guide for Digital Marketers
2024 Essential Cybersecurity Guide for Digital Marketers

Navigate the complex world of cybersecurity, and learn how to protect your digital assets, ensure customer trust, and uphold your brand's reputation a..

Read More
Navigating the Future of Digital Accessibility: Preparing for EAA 2025
Navigating the Future of Digital Accessibility: Preparing for EAA 2025

As the European Accessibility Act (EAA) 2025 approaches, organisations must proactively enhance their digital accessibility. This guide outlines criti..

Read More
Voice Activated: Exploring Voice Search Possibilities for Advertising
Voice Activated: Exploring Voice Search Possibilities for Advertising

This article delves into the rapidly evolving world of voice search technology and its potential impact on the advertising industry. It highlights the..

Read More

2024 Essential Cybersecurity Guide for Digital Marketers

Navigate the complex world of cybersecurity, and learn how to protect your digital assets, ensure customer trust, and uphold your brand's reputation a..

Read More
Google Core Algorithm Update March 2024 | Analysis & Impact

Google Core Algorithm Update March 2024 | Analysis & Impact

March 2024 brought significant news with a wide-scale culling of poor quality, spammy websites, many of which heavily relied on AI-generated content...

Read More

Why Digital Strategy

To get customers, it’s imperative to be seen by the mass. Every successful company is unique and needs contrasting digital marketing strategies. Book a meeting with us and we will help you find the correct strategy for your company.

Our Approach