The first regular quarterly report of the Notifiable Data Breaches (NDB) scheme has been released, with malicious attacks and human error the two leading causes of data breaches.
While malicious attacks accounted for most data breaches (59%), human error made up most of the remaining breaches (36%). System error accounted for just 5% of breaches.
The report pointed to a key factor in malicious breaches:
"The report shows that the majority of malicious or criminal breaches reported were cyber incidents, linked to the compromise of credentials (user names and passwords)."
Despite the high number of malicious attacks, few were due to malicious internal attacks. In fact, only seven breaches were blamed on rogue employees.
Identifying areas for improvement
The report covers April 1 - June 30, 2018 (Q2), when 242 breaches were reported to the Office of the Australian Information Commissioner (OAIC).
Data breaches due to human error came from several predictable scenarios. The top causes for a human error data breach were:
- An email containing personal information sent to the wrong recipient (22 notifications)
- Unintended release or publication of personal information (12 notifications)
- Personal information sent by mail to the wrong mail recipient (10 notifications)
Private health providers suffered the most breaches, with 49 breaches (the report explicitly points out these breaches are not related to the new My Health Record). The finance sector follows with 36 reported breaches.
Where you can get started
There are two powerful strategies for maintaining data security:
- Improving security standards and practices; and,
- Generating awareness and education for staff.
Using a password manager is an easy way to put both strategies to use. The quality of user passwords can be greatly increased, and users can implement improved passwords and see how they work.
Furthermore, a password manager can reduce reliance on users having to remember long and complex passwords. Instead, the manager remembers passwords for the user. The user will only need to copy and paste their passwords.
Of course, a password manager only improves data security at the end-user point. Maintaining effective organisation-level data security is more complex.
Feel free to contact your Sentrian Client Services Manager if you'd like to discuss your data security options, or to find out more about the NDB scheme.