“Report data spills before molehills become mountains or small leaks become fountains.”
– Anonymous

Data Breach

A data breach is when private and confidential information is released into an unsecured environment. This usually means that the information becomes publicly available. It also means that others can use it for personal gain, or to cause harm to a business or individual.

Data breaches can happen to any business or organization, large or small. The kind of information that’s released is usually:

  • data that can identify particular individuals, known as personally identifiable information (PII)
  • personal health information (PHI)
  • trade secrets or intellectual property (IP)
  • embarrassing information used to harm a brand or people.

Data breaches happen when information is:

  • compromised or stolen
  • released by accident
  • accessed through bugs found in a computer system.

For businesses, this poses both a financial and reputational risk. It can mean that customers lose trust in the business, their brand, or see the business as being unethical. Regaining customer trust and implementing better security practices.

Preventing Data Breach

Data breaches are easier to avoid than they are to fix. Here’s what you can do to reduce the likelihood of a breach.

As a business:

  • only collect information that you actually need from your customers. Be clear about why you need it
  • think about how you store that information and if how you’re storing it is fit for purpose
  • make sure the data storage solution you’re using is secure
  • ensure that it can only be accessed by those we need access to it
  • develop a response plan for what to do if your business is affected by a data breach.

If your business is affected by a Data Breach

Here are the steps to take when you’re dealing with a data breach.

If it’s happened to your business:

  • disconnect the compromised system from the internet, but don’t turn it off. If you turn it off, you could lose evidence that will help you work out what happened
  • reset the passwords for any compromised accounts
  • report the breach to relevant authorities. 
  • be open and transparent with your customers. Notify anyone who could be affected immediately. Let them know: 
    • what information was breached
    • what you’re doing to address the problem
    • how they can contact you if they have queries
    • when you’ve fixed the issue. 
Visit CERT NZ for more information. 
Visit ACSC for more information.