Why a data breach is a very serious event and how to protect yourself.
Do not use the same password for multiple sites, because if discovered on one site, it could also be used on the others. Your personal data (including username and password) could be stolen through a Data Breach.
At the base of a data breach there is often a vulnerability of the computer system: excessive access privileges, programming errors, outdated software... which allow criminal hackers to access the system and steal confidential data.
Data Breach is the disclosure - intentional or unintentional - of protected or private / confidential information.
A data leak does not require a cyber attack. Generally it derives from poor data security practices or from accidental actions or inertia by an individual (insufficient custody of data, loss of personal devices containing confidential data, human errors in data processing, poor preparation of data processors...).
Data Leak A data leak occurs when sensitive data is accidentally exposed physically, over the Internet or in any other form, including lost hard drives or laptops. This means that a cybercriminal can gain unauthorized access to sensitive data effortlessly.
Test yourself with the "Data Breach or Data Leak" game
The sanctions for the company can be very heavy, can reach up to 10 million euros or, in the case of multinationals, up to 2% of the total annual worldwide turnover.
In these cases the first thing to do is surely to act immediately by strengthening the defenses to protect the data from further security risks and avoid further damage.
Secondly, it must be quickly assessed whether there is the likelihood that "the violation of personal data presents a risk to the rights and freedoms of individuals". In this case it is necessary to proceed with the notification to the Guarantor, in accordance with the provisions of Article 33 of the EU Data Protection Regulation no. 2016/679, GDPR. To make the notification, connect to the website of the guarantor and fill out the online form.
There is also another article of the GDPR (Article 34) which obliges the person injured to be informed of the violation, if this information is not in the public domain. For example, if the passwords with which customers connect to the online account are stolen from a bank, customers obviously risk that someone takes possession of the contents of the current account, it is therefore logical that the Bank's customers must be notified immediately (in this case for example, for an urgent change of credentials and references relating to the current account).
Immediate think of the loss of credibility and damage to image.
Consider security and privacy aspects already in the design phase of a new service or product.
Apply the minimum ICT security measures issued by the AgID and provided for in the GDPR.
Define the procedures to be followed in the processing of personal and sensitive data to avoid accidental data loss caused by human error.
The same level of security must be required of service provider companies.
Provide roles and procedures to be activated in the event of a Data Breach in order to have rapid and effective reaction times.
To train people on the subject of Data Breach and Data Leak to raise awareness on correct behavior, reducing the possibility of data leakage due to human error.
Using the same or just a few passwords everywhere jeopardizes all of your user accounts when your password is compromised in a data breach. Cybercriminals know that most people reuse their passwords. When they manage to steal one, they will try it on many user accounts. When you use unique passwords, they can't log into your other accounts.
Two-factor authentication is a second barrier beyond the password that protects your user account. It makes it much more difficult for criminals to use stolen user credentials. If the site allows two-factor authentication, choose this option.
Using a lot of strong passwords makes it difficult to remember. Consider using a password manager for easy access and easier memorization.
