May 19, 2020
A 2019 report by Carbon Black found that 96% of surveyed companies faced data breaches in the previous year.1 Human error played a big role in allowing these breaches to happen. The 2018 SingHealth breach remains one of the largest data breaches in Singapore. Another breach last year at the Singapore Accountancy Commission was caused by a staff member accidentally attaching a folder with data of more than 6,500 people to emails over a period of four months2.
With employees logging in from a wide variety of networks and devices from their homes amidst the coronavirus pandemic, the surface of potential vulnerabilities has increased. The uncertainty and fear it has caused has also been capitalised on, in social engineering attacks. A recent scam involving fake officials seizing contraband COVID-19 medication, which asks for personal details such as NRIC numbers, passport details, and internet banking credentials to avoid punishment, has already caused at least $110,000 in financial losses to date in Singapore3.
Our surroundings that we interact with daily can contain large amounts of confidential information; with various documents that prove to be attractive to hackers and scammers. Without the proper safeguards and practices, an organisation or individual may lose control over how their own personal information may be used.
Despite the uncertain environment, educating employees on the right approach to data protection remains one of the core tenets of a holistic approach to data protection. This would mean that new employees coming into a company have to familiarise themselves with the importance of good data protection practices, recognising threats, and the consequences of a breach, which include financial sanctions and further reputational damage.
In particular, employees should be made aware of how some of the most innocuous habits can lead to a breach. Employees should also understand the rationale behind data protection processes which their organisation has implemented.
It is important to understand that breaches do not always happen digitally. Physical materials such as printed documents and digital storage media present additional avenues for bad actors to exfiltrate valuable confidential data. Educating employees on good data protection habits and learning to recognise attempted attacks in a company can mitigate the risk of data breaches occurring.
To bolster data protection, businesses can get started by implementing policies such as the Shred-it All Policy and Clean Desk Policy in order to reduce the potential risk of a data breach, and engage reputable data destruction services such as Shred-it to destroy physical data in a way that prevents it from being accessible.
Learn more about how Shred-it can get you started on data protection and disposal and contact us for a free quote and risk assessment to get you started.
Disclaimer
This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
1 CISOMAG. (2019). 90 percent of Singapore businesses suffered data breaches last year: Report [ONLINE] Available at:
https://www.cisomag.com/90-percent-of-singapore-businesses-suffered-data-breaches-last-year-report/. [Accessed 9 Apr 2020]
2 The Straits Times. (2019). Accountancy commission inadvertently leaks data of 6,541 people [ONLINE] Available at: https://www.straitstimes.com/tech/accountancy-commission-inadvertently-leaks-data-of-6541-people. [Accessed 13 Apr 2020]
3 The Straits Times (2020). Scam linked to Covid-19: Victims lose $110k to fake officials [Online] Available at: https://www.straitstimes.com/singapore/courts-crime/scam-linked-to-covid-19-victims-lose-110k-to-fake-officials [Accessed 17 Apr 2020]