Data breach >> an incident where an unauthorised individual get access to the sensitive data, it mostly happen through targeting employees and important individuals by tricking them into clicking on links so malicious software would encrypt the company’s data and demanding money for decryption which called Ransomware. Or tricking them into revealing their credentials through fake emails which called phishing.
Password management security breach >> weak password, using the same password through different platforms, writing down the passwords on a piece of paper, not using MFA which always make sure that the right person have access to the data by(what you have, what you know, what you are)
individual : stress and illness, loss of employability, financial loss, loss of trust Company : loss of revenue, legal issue, reputation damage, financial damage
firewall : it monitors incoming and outgoing traffics and decide whether we want to allow or deny it. Intrusion detection system(IDS) : it will detect and alert Intrusion prevention system(IPS) : it will detect and block suspicious traffics
encryption: cover the data into a coded unreadable format 321 backup strategy: means 3 copy in 2 different storage and 1 offsite. Regular vulnerability check: identifying new vulnerabilities Access control: equip with CCTV and giving the authority to have access to each information and data based on the users role. Regular staff training: they will be updated about phishing and social engineering methods.