The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (the original report is in French) affecting over 33 million individuals, located in France or elsewhere. 695 of the notifications related to confidentiality breaches.
The accommodation and food services sector had the highest number of breaches, 185. This is largely down to a single incident in which a booking service provider was breached, so the sector figure reflects one supplier's customers rather than 185 independent attacks.
Cause of the breaches

| Cause | Notifications | Share of the 672 notifications with a recorded cause |
|---|---|---|
| Hacking via malicious software or phishing | 421 | 63% |
| Data sent to the wrong recipients | 62 | 9% |
| Lost or stolen devices | 47 | 7% |
| Unintentional publication of information | 43 | 6% |
| Unknown cause | 99 | 15% |

Note that these rows sum to 672, not 742: the percentages are of the notifications that were assigned to one of these categories, and in 99 of those the cause was never identified. Where the cause is known, the human factor is the underlying concern. Links in phishing emails don't click themselves, and the absence of robust information security measures (training, checking who emails are going to, and so on) increases the risk of a data breach.
Actions you should be taking
The key actions:
- Train staff regularly to recognise social engineering attacks, not to click links or open attachments in suspicious emails 'to see what happens', and to check who they are sending email to before they press send
- Apply software patches promptly when they are released
- Use multi-factor authentication to reduce the risk of unauthorised logins
- Use anti-malware measures on endpoints
If you want an independent audit of the effectiveness of the measures you currently have in place, help with training and with building a culture that has information security and data privacy among its core principles, or are considering ISO 27001 certification as one way to meet the security requirements expected by customers and suppliers, please get in touch.
e: ian.grey@wadiff-consulting.co.uk
t: +44 (0)7941 188462