Risks to Data (How is data breached?)

Theft

Deliberate attacks on systems and individuals who have access to sensitive data can cause more harm than inadvertent exposure.

One in four of all data breaches reported by organisations and businesses are a result of theft. 

Former employees, inside people who have a grudge against an organization, or criminals looking to make money from the sale of the data will look for data stored on laptops, hard drives, and thumb drives. Insiders are the number one cause of data breaches, while hackers (criminals attempting to gain access through the Internet) rank a bit lower, according to one study by the Ponemon Institute.

Loss

Inadvertent exposure due to the loss of media is another way data is exposed. Backup tapes or paper files being misplaced on their way to a storage facility, or laptops left behind at airports or in taxis, are common ways data can end up in the hands of unauthorized people.

Neglect

When old computers or hard drives are sold or recycled, the information contained on them might be deleted, but if not properly erased, that data can be retrieved by anyone with just a few cheap tools. Additionally, leaving data on media that is not adequately protected with a strong password or with encryption leaves it vulnerable to a hacker or thief. The same applies to sensitive paper files, which should be disposed of using a cross-cut shredder or a recycling/trash pickup service that ensures proper disposal.

Insecure Practices

Collecting, storing, sending, encrypting, finding and removing data may all have implications for its safety.

Those who are handling sensitive data, may find they are doing one or more of these activities. If proper safety precautions are not taken, inadvertent data exposure could be the result. For example, breaches of sensitive data stored in folders accessible through the Internet, such as through file sharing software, has occurred more than once at organisations.