28 September 2022 • Work safe & secure
Nowadays, people share all sorts of things on the internet, especially on social media. Think of messages on Facebook, Instagram, Twitter, and WhatsApp. When sharing these messages, people often do not consider their privacy.
In addition to sharing information about leisure activities, personal data is also shared with companies. This is almost always done via a contact form on a website, via a chat box, or on WhatsApp. As a company, it is crucial to protect this data. When a consumer shares something with a company, the company is responsible if this data becomes public.
In this article, you can read about the consequences of a data breach and what we can do for you as a company. We recommend that you read the entire article, because a data breach can put your company in serious trouble.
When does a data breach occur?
Your company is dealing with a data breach if third parties obtain personal data that is stored by your company, while they are not allowed to see it. It doesn’t matter how this data is leaked. As a company, you can’t hide behind anything. Even if you accidentally sent personal data to the wrong e-mail address, there is a data breach.
It is important to remember that an incident only counts as a data breach when personal data is leaked, such as names, phone numbers, email addresses, and passwords.
What do you as a company have to deal with in the event of a data breach?
A Dutch company must report a data breach to the Dutch Data Protection Authority as soon as possible. By law, this must be done within 72 hours. You can do this via https://dataleks.autoriteitpersoonsgegevens.nl.
The Dutch Data Protection Authority divides reports about data breaches into different levels. The Authority speaks of a serious data breach when a large amount of personal data is leaked, which can have a major impact on someone’s life.
A data breach is labeled ‘severe’ when the following data is leaked:
- Login details
- Medical information
- Identity cards
- Financial data
- Data about race or creed
As a company, you are obliged to report the data breach to all those involved. This allows them to take timely measures that can prevent major damage. For example, you must offer the data subjects the option to change their password.
You do not have to inform the data subjects when the personal data is protected with encryption. In that case third parties have access to the data, but cannot view it thanks to that protection. You should, however, be sure of this. If the Dutch Data Protection Authority believes that you should have informed the data subjects, you can still be fined. A fine is guaranteed if you intentionally conceal a data breach. The fine can be up to €820,000 or 10% of the annual turnover.
The Dutch Data Protection Authority can impose a binding instruction if it appears that no intent is involved, or no serious culpable negligence can be demonstrated. You must comply with this instruction.
Can you process personal data?
How can you be sure that you are allowed to process personal data? The Dutch Data Protection Authority has drawn up a step-by-step plan for this, which you as an SME can adhere to. The following four points are important for SMEs:
- As an SME, you may process personal data to perform an agreement.
- You may have to process personal data because this is required by law.
- As an SME you may also process personal data if someone has permitted this.
- You may process personal data if this is based on legitimate interest.
What can criminals do with the obtained personal data?
Criminals can use personal data to copy an online identity. That way they can commit identity theft. They pretend to be someone else to commit crimes without hindrance. They can use the data, for example, to gain access to your bank account.
More examples of identity fraud
- Order products under someone else’s name
- Create a credible social media account to scam someone
- Conclude agreements under someone else’s name
As a company, you naturally do not want to be partly responsible for this misery. It is therefore extremely important to protect the online privacy of your customers.
Criminals do not only misuse the obtained personal data to make life miserable for your customers. They can also use it to extort your business. They do this with ransomware: malicious software that takes over and locks the computers within a company. Ransomware can also be the cause of a data breach.
Criminals often gain access to the company network through phishing. An example of phishing is sending emails to company employees with a dangerous attachment. This attachment is, for example, called ‘invoice’. When the attachment is downloaded, the criminal gains access to the employee’s computer.
The criminal then steals the personal data from the computer and installs a virus. This virus locks the data on the computer. Via a pop-up on the screen, the criminals let you know that the data will be accessible again after payment in, for example, Bitcoin. If you do not pay on time, the criminals threaten to disclose the personal data. This will jeopardize the trust relationship with your customers.
How do I prevent a data breach?
Protect your online privacy and that of your customers by using good cybersecurity software. Guardey is one such software package. Thanks to Guardey, employees can exchange data securely, without criminals being able to do anything with it.
Notify the customer
First of all, your customers must be aware that you store their data. Make this very clear, and also explain why you are doing this.
Use good security
In addition, ensure that all sensitive data is protected with a strong password and possibly multi-factor authentication. Also, prevent third parties from accessing these passwords.
Keep your team informed
It is also wise to have regular conversations with your team. This way you can remind them how to process personal data, what is going well in this area, and what can be improved.
Employees who work remotely can connect to the company network via a corporate VPN. The data they need is wrapped in a secure layer. As a result, cyber criminals cannot do anything with the data, because they cannot access it. Only the employee who has access to the VPN can access and use the files. Employees can establish the VPN connection in an instant via Guardey.
Train employees through a game
Guardey includes a game for employees. This game makes them aware of their online behavior. For example, employees learn how to recognize unreliable e-mails, but also what they can and cannot share with third parties.
Guardey continuously scans the company network to see if there are any suspicious activities. This way a ransomware attack can be prevented.
Try Guardey’s cybersecurity software now for 14 days for free!