A "breach" is an incident in which sensitive or confidential information is made available to unauthorised individuals. A breach can happen in many ways, and its effects can be long-term and go beyond the loss of data. The consequences can include financial and reputational loss, due to heavy regulatory penalties among other causes. Because of this, it is important to put the right safeguards in place to prevent a breach from happening.
Breaches may occur through social engineering techniques such as phishing, tailgating, pretexting, baiting, and quid pro quo. Malware, ransomware, and insider threats are further ways in which breaches occur. Typically, the goal of a cyberattack is financial gain. Other motivations could be political or personal in nature.
Article 2.6 of the Nigeria Data Protection Regulation 2019 (NDPR) imposes a data security obligation on data controllers and processors. This provision requires data controllers and processors to implement security measures such as installing firewalls, securely storing data with access restricted to specific authorised individuals, implementing data encryption technologies, developing organisational policies for handling personal data (and other sensitive or confidential data), protecting email systems, and continuously building staff capacity.
Ways to prevent data and security breaches:
Additional measures include regular security audits, off-site data backups, third-party risk management, data de-identification, anonymisation, and pseudonymisation.
It may not always be possible to prevent a data breach, as no security system can be completely foolproof. It is therefore important to have an incident/breach response plan that triggers a quick response as soon as a breach occurs, which lessens the damage the breach causes. Achieving the highest level of security helps businesses comply with regulations and instils trust in data subjects, investors, and the general public.