We often think of most data breaches as criminal digital events driven by external threats; a database encrypted and held for ransom, a phishing attack, snooping on an unsecured conference call. But as noted above, it can also be as simple as a piece of paper walking out the door.
A company may have been purposely targeted for an attack, but the actual trigger is almost always accidental.
Nobody plans on opening an infected email, no one chooses to get hacked, employees don’t purposely leave patient test results in the printer tray overnight. We’re human. We make mistakes.
Also, consider that the threats are moving targets. While anti-virus software can monitor network traffic for identified threats, cybercriminals are constantly inventing new versions of malware that avoid detection until it’s too late.
For instance, one of the latest phishing schemes is a simple “Look who died!” email that appears to come from someone in your address book or a high school reunion website.
The shock value and pure curiosity of such a short message may be enough for someone to forget protocols if only for a second, and click, the hacker is in.
So, everyone has to be on guard. Always.