Simple Steps for Effective IT Cyber Security
I'm sure you've heard this term floating around, but what is a data breach?
It's when unauthorized people access sensitive information.
Unauthorized people can include cyber criminals and hackers, as well as your neighbor who picks up your laptop while you're in the bathroom. If they use your personal information without your consent, that's a data breach.
Often, people think of hacks and leaks when they think about data breaches, but a breach can also occur when someone with physical access to something like a laptop or phone uses confidential information for their own gain.
No one ever thinks their company will suffer from a data breach, but the fact is, any company can become a target. Further, it’s crucial to consider computer security vs cyber security.
The biggest reason why data breaches occur is that companies don't take the time to understand what data security means and why it's so important. In addition, they have not implemented cyber security services.
When you're not well-versed in the basics of data security, your organization becomes vulnerable to cyber attacks and social engineering. Did you know that phishing attacks are one of the most common types of cyber attacks?
Phishing attacks are a form of social engineering that aims to manipulate emotions or trick you into revealing sensitive information like usernames or passwords. A typical phishing attack is a spoofed (fake) email that looks like it's coming from the CEO of the company you work for.
In addition to phishing attacks, cybercriminals also target companies with malware, ransomware, and other tactics designed to infiltrate your organization's systems and steal PII and additional sensitive information.
A new email scam is making the rounds.
How to spot it: The email will contain aggressive or demanding language and require action like logging into a web page, verifying a payment, or making a purchase. Clicking any links in the email or downloading any attachments could result in your login credentials being stolen or in spyware being installed in a malware attack.
SMS and social media attacks are becoming increasingly common too. Another example is an offer of a free credit check that is used to gain access to personally identifiable information (PII).
What to do: If you receive one of these emails, delete it. Don't click on any links or open any attachments. If you're worried about what was mentioned in the message, go directly to the source (e.g., your healthcare system’s website) and contact them there. Remember: Never share your personal information over email.
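The indicators described above (a sender posing as the CEO, demanding language, a request to log in, verify a payment or make a purchase, and links or attachments) can be checked mechanically before a message reaches a person. The following Python sketch is an added example, not part of the original article; the company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: your own domain and executive display names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
URGENT = re.compile(r"\b(immediately|urgent|right now|final notice)\b", re.I)
ACTIONS = re.compile(r"\b(log ?in|sign in|verify (your|the) payment|purchase)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'>]+", re.I)

def triage(raw):
    """Return the phishing indicators found in one raw e-mail message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Collect the plain-text body whether or not the message is multipart.
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = "\n".join(str(p.get_payload()) for p in parts)
    findings = []
    # A matching domain proves nothing (From is forgeable); a mismatch is a red flag.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        findings.append("executive name from outside domain")
    if URGENT.search(body):
        findings.append("demanding language")
    if ACTIONS.search(body):
        findings.append("asks for login, payment or purchase")
    if LINK.search(body):
        findings.append("contains link")
    if any(p.get_filename() for p in msg.walk()):
        findings.append("has attachment")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """From: "Jane Doe" <jane.doe@examp1e-mail.test>
Subject: Payment needed

I need this handled immediately. Log in at http://portal.examp1e-mail.test/pay
and verify the payment before noon.
"""
BENIGN = """From: "Jane Doe" <jane.doe@example.com>
Subject: Lunch

Team lunch is on Friday at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(label, triage(raw))
```

A message with several findings is a candidate for quarantine or a warning banner; an empty list does not prove the message is genuine.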
Spyware is malware that infects your computer or network to steal personal information, Internet usage data, or any other sensitive data it can acquire. You might install spyware by downloading an email attachment or by installing what seems to be a benign application (bundleware).
Alternatively, spyware can be installed on your computer as a secondary infection from a Trojan horse. Once spyware is installed, all your data is sent back to the command and control servers run by the cybercriminals.
What about sensitive data?
The rise of regulatory scrutiny over sensitive data protection has culminated in a desperate need for improved data management, third-party risk management, and enhanced cyber security. Forsaking these now essential requirements could cost your business up to $4 million.
When you're using social media platforms like Facebook and Twitter, it can be easy to forget that anything you put out there could end up being viewed by a much wider audience than you intended, whether that's a potential employer or even a government. While we all want to share our opinions and experiences with others, it's important to remember what you put online is public and permanent, so there are some types of information you should always keep private.
The North Carolina Identity Theft Protection Act of 2005 defines Sensitive Personal Data as information regarding an individual's first name or first initial along with their last name and one of the following:
- Social security number
- Driver's license number or identification card number
- Account number, credit or debit card number, in combination with any required security code, access code, or password which would permit access to an individual's financial account
- Any combination of data elements that would allow access to an individual's financial account (e.g., username/password)
- Health care information or health insurance policy or subscriber numbers.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines Protected Health Information (PHI) as individually identifiable health information.
So what's the difference between confidential personnel information, card holder data, and personal data? Here's a quick rundown:
* Card Holder Data: As defined by the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an information security standard that tells organizations how to handle branded credit cards from the major card schemes.
* Personal Data: As defined by The EU General Data Protection Regulation (GDPR).
* Confidential Personnel Information: As defined by the State Personnel Act.
* Confidential Information: In accordance with the North Carolina Public Records Act. Includes trade secrets and similar related data.
Data privacy and security are vital.
We take it so seriously that we had to ask ourselves: what is "sensitive data," really?
It turns out pretty much anything can be considered sensitive data. It's comprehensive and includes things like racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation (though you probably already knew that), financial information (bank account numbers and credit card numbers), and classified information.
Tricare data breach
In September 2011, a car break-in resulted in the theft of Tricare data. The stolen information was backup tapes of electronic health records for active-duty troops, dependents, and military retirees.
Although the stolen backup tapes were encrypted, they could not be recovered by the victims or law enforcement. It’s unclear whether the criminals possessed the necessary insight to decrypt the information stored on them or if they understood what they were stealing.
The incident was treated as a data breach, and those who had their data compromised were notified.
In the Tricare data breach, the following data may have been compromised: Social security numbers, names, addresses, phone numbers, personal health data, clinical notes, lab tests, and prescription information. The breach impacted 5 million customers.
What is a cyber security services provider?
With cyber attacks becoming increasingly common, many organizations partner with a managed security services provider. An MSSP is a third party that protects hardware and data from potential cyber attacks by continuously monitoring your organization's security devices and systems. This could include blocking viruses and spam, managing firewalls, detecting intrusion attempts, setting up and securing a virtual private network (VPN), or implementing system changes or upgrades.
Even if you think you've got top-notch security, there are still holes in every system. That's why most organizations need an MSSP: to fill in those gaps and ensure your systems are secure.
Managed Security Service Providers offer a range of services to help your organization maintain a safe environment. These include:
- Device management
- Log monitoring and management
- Vulnerability management
- Consultancy services
MSPs generally offer their services in a software-as-a-service (SaaS) model. This means that your organization doesn’t need any extra hardware or staff – and this has several significant benefits.
No surprise costs: With a cyber security services provider, you are billed a fixed monthly amount for all services, and you add only the services you choose. This makes it easy for you to predict and manage your security costs accurately.
As you know, many organizations are struggling with managing their own IT security. This is mainly because they lack the expertise and knowledge to keep up with the latest developments in cyber security. Luckily, there are MSPs. The right partner can help you gain access to unique expertise and tools. It clarifies what you have to do as an organization, and it's a solution to a lot of your concerns.
After all, managing everything in-house means new rules and guidelines can come as a surprise, resulting in high unexpected costs when you need to hire industry and compliance experts. You may not have the necessary knowledge or experience with cyber security either.
One of the main benefits of working with the right partner is the broad cyber security expertise that many companies don’t have in-house. Outsourcing this to an MSP means you can be confident that a security expert will correctly protect and manage your data. The certified employees of MSPs are always aware of developments in the industry and modern cyber threats.
Organizations that trust an MSP are often more effective at protecting themselves than those relying on their security teams alone. Of course, this doesn't change the fact that both teams have to make proper arrangements about how they communicate with one another.
It's hard to imagine a more urgent issue for businesses than cybercrime, which develops more quickly every day. Even the most prominent companies are finding vulnerabilities in their security systems. Without proper protection, tracking these threats would be difficult and time-consuming and would require a significant workforce.
The threat landscape today poses a real risk to your sensitive data, profitability, and reputation. IT security is an ongoing activity that requires a clear understanding of how users, customers, and applications access data and how devices are configured. With SSI on your side, you can meet the challenge of cybercrime head-on.
SSI can help you protect your company's sensitive data and improve the quality of your security. Request an assessment.