Matt Riley, Director of Transformation and Security at Sharp UK has previously written several articles providing informative insight on security and data protection, and how we build a positive cyber security culture within Sharp UK.
One of the key measures of a positive cyber security culture is the number of reported incidents or "breaches". Breaches happen every day in every business, but don’t get reported for a few different reasons:
- People don’t understand an incident has occurred
- People don’t know how to report an incident
- People don’t want to report an incident as they think they’ll get into trouble
Following on from our blog on what determines a data breach, this blog will explore examples of workplace breaches and the process of how to report one.
Examples of Breaches
Some practical examples of breaches that could occur in the workplace include:
- Losing a laptop, phone or USB drive
- Data entered into a system incorrectly
- Sending an email to the wrong person
- Putting usernames and passwords into phishing websites
- Sharing personal data with a company without a contract in place
- Leaving paperwork on public transport
- Hacking/malicious access by a 3rd party
- Ransomware/Viruses
- Theft of anything that holds data
- Being in an email distribution group that you shouldn’t be
As a whole, a data breach is an unauthorised access, disclosure, or acquisition of sensitive information, such as personal or financial data, by individuals or entities. It poses a significant threat to privacy and security, often resulting in the exploitation or misuse of the compromised data for malicious purposes, such as identity theft or fraud.
Reporting a Breach
If a breach has occurred, you have a responsibility to report it. Despite the severity of the breach, it should be reported.
In the event of a breach in the workplace, swift and decisive action is paramount to mitigate potential damage and protect sensitive information.
Firstly, you should inform the IT department so they can advise you on what to do next and start an investigation if needed. Communication is key—promptly notify all stakeholders, including employees, clients, and partners, about the breach and its potential impact.
Next, you should isolate and contain the breach by disconnecting affected systems and networks to prevent further infiltration. Collaborate with cyber security experts to identify vulnerabilities and implement robust security measures.
Post-incident, conduct thorough reviews to enhance future defences and educate staff on cyber security best practices. Prioritise transparency and accountability to rebuild trust and fortify the organisation against future threats.
Sharp provides a range of services to prevent and manage data breaches. We provide protection against the latest cyber security threats, offer user awareness training and incident response as well as data recovery if a breach occurs.
