Does your institution understand the basics about a data breach? In the last blog post we gave you a short, 11 question Data Breach Quiz. Today, we will give you the answers to the first half of these questions.
Although most organizations are now aware of the need to protect data, recent security breaches at some of the biggest and tech-savy companies demonstrates the need to be fully educated on this topic. To fully assess your school’s risk associated with a data breach, you have to understand the various elements of a data breach. In the last Blog we gave you a short, 11 question data breach quiz to consider. Now, let’s take a look at the answers to the first four questions.
1. What is a data breach?
A data breach is the unauthorized disclosure of Personally Identifiable Information (PII). PII includes:
- Full name
- E-mail address
- Social Security number
- Drivers License number
- Credit or Debit card numbers
- Bank or other financial account number
- Client legal data/records
PII also includes Personal Health Information (PHI), such as:
- Medical diagnosis
- Patient medical history and medications
A data breach is not limited to electronic data but also includes hard copy files.
PII can be used by itself or with other sources of information to uniquely identify, contact, or locate a person. The greatest threat from a loss of PII is identity theft, which occurs when PII is used to impersonate individuals in order to gain access to their bank accounts, assets, or commit fraud or other crimes in their name.
2. Which of the following things does your school acquire from your students and employees? You need to answer this question yourself:
Item Yes No
Full name ____ ____
E-mail address ____ ____
Social Security number ____ ____
Drivers License number ____ ____
Credit or Debit card numbers ____ ____
Bank or other financial account numbers ____ ____
Medical records of any kind ____ ____
3. How can a data breach occur?
Data can be breached in many ways. The most common ways include:
- Missing or stolen laptop or peripheral
- Misdirected mail or fax; misdirected e-mail.
- Erroneous data posting in public venue
- Loss or theft of physical documents
- Computer hacking
- Unauthorized employee disclosure
4. Can you explain in simple terms the following:
- Hacking – electronic theft or unauthorized access to other’s confidential information (PII) and (PHI) or trade secrets in your care.
- Malware – is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access or damage a computer without the knowledge of the owner.
- Physical Attacks – Cyberwarfare, defined as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption,”:6 but other definitions also include non-state actors, such as terrorist groups, companies, political or ideological extremist groups, hacktivists and transnational criminal organizations.
- Privileged Misuse – any unauthorized use of the individuals level of access to their organizations’ IT networks, enterprise systems, applications and information assets. Privileged users include database administrators, network engineers, IT security practitioners and cloud custodians.
- Social Tactics – (1) hackers devising ever-more clever methods for fooling employees and individuals into handing over valuable company data, most often, it involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file.
- Ransomware – A type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restricted access.
Next week we will provide the answers to the other 7 questions.
Specific questions? E-mail Adam Balls.
The information provided herein presents general information and should not be relied on as insurance advice when analyzing and resolving a specific issue. If you have specific questions regarding a particular fact situation, please consult with competent insurance brokers and/or legal counsel about the facts and laws that apply.