Prevent a PII Data Breach

Sometimes Not All Press is Good Press

Data breaches can damage an organisation’s reputation and commercial interests. Mishandling privacy can lead to distrust and loss of customers.

Transparency, when a data breach occurs, can reduce the reputational impact on the organisation, and can encourage individuals to take steps to reduce harm post-breach. It also demonstrates that the organisation takes responsibility to protect personal information seriously which aids in trust building. You can also proactively manage service access to prevent a breach from occurring in the first place.

What is a data breach?

A data breach is an unauthorised access or disclosure of personal information, or loss of personal information. A data breach occurs when personal information that your organisation might hold is subject to unauthorised access or disclosure, or is lost. A data breach may be caused by malicious action (by an external or insider party), human error, or a failure in information handling or security systems.

Examples of data breaches include:

  • loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information
  • compromise of a system or service containing personal information
  • unauthorised access to personal information by an employee
  • inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person
  • disclosure of an individual’s personal information to a scammer, as a result of inadequate identity verification procedures.

What is ‘Personal Information’?

Personal information is information about an identified individual or a reasonably identifiable individual. You should be aware that information that is not about an individual on its own can also become personal information when it is combined with other information if this combination results in an individual becoming ‘reasonably identifiable’ as a result.

Mitigation Strategies

Mitigation strategies can be implemented to protect from:

  • targeted cyber intrusions and other external adversaries who steal data
  • ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
  • malicious insiders who steal data such as customer details or intellectual property
  • malicious insiders who destroy data and prevent computers/networks from functioning.

We recommend any mitigation strategy should be first implemented to your high-risk users and computers such as those with access to important (sensitive or high availability) data and exposed to untrustworthy internet content. Only then implement it for all other users and computers. Organisations should perform hands-on testing to verify the effectiveness of their implementation of mitigation strategies.

The Essential Eight

The Mitigation Strategies that constitute the Essential Eight are:

Application Control

Patch Applications

Configure Microsoft Office macro settings

User application hardening restrict administrative privileges.

Patch operating systems

Multi-factor authentication

Regular backups

How Jellyfish can assist prevent a breach

Cogito’s Jellyfish is a single pane of glass control panel for all your cyber tools. It provides your organisation with superior situational awareness, providing infrastructure monitoring logging, vulnerability protection, identity and access management, as well as token management, HSM Key management, mobile credential management and automation in other areas.

A single pane of glass to increase security and cut costs with both active and automated capabilities built in.

How does Jellyfish work? 

Jellyfish combines multiple sensors and protection systems

Combines multiple sensors and applications to detect and respond

Allows a conversation between multiple protection platforms

Dynamically automates system responses

Jellyfish is an active approach to cyber security – rather than passive.

Most cyber products are passive

Jellyfish allows ACTIONS to be taken to stop breaches, as well as reporting them

Other solutions report on a BREACH- Jellyfish actively prevents it

A new approach to managing access and preventing a breach

The use of tokens and Hardware Security Modules in a Zero Trust environment ensures every attempt to access your data needs to be verified. Jellyfish PKI provides the credentials that allow for secure identification and stronger user and device authentication.

Download our Prevent a PII Data Breach Fact Sheet Below