A recent Beazley Breach Report indicated that 30 percent of all data breaches were a result of employee or vendor data management errors. As the media continues to focus on malicious malware and ransomware attacks (accounting for 32 percent of all breaches according to the report), the need to build robust technological and operational business procedures to safeguard data from accidental breaches is often overlooked.
In addition, increased regulatory requirements in all industries, especially in education, put these organizations at increased risk for costly sanctions and financial penalties. It is critical for organizations to understand their compliance responsibilities. Data breach notification laws have been enacted in most U.S. states, and to further complicate the matter, one breach may subject an organization to notification laws in many different states.
More than one-quarter of all breaches in higher education were a result of unintended disclosures that could be prevented with more effective controls and processes, according to the report. In one case reported by Beazley, a university discovered that a page on its public website contained an ID and password that provided access to the university's administrative site, which held over 70,000 student applications and SSNs. Although there was no indication that the ID and password were accessed by anyone other than appropriate university staff, the university spent over $100 thousand on notification processes, credit monitoring and public relations efforts.