Should businesses be held responsible for their data breaches?

I’m not sure about you, but I’m beginning to get bored of hearing businesses have had data breaches. To be honest, it’s becoming ordinary news that we hear every week. It’s a new business every week, from TalkTalk to Sage and now Seagate, but let’s not lead ourselves to believe that the businesses are the victim. A lot of data breaches aim for the personal information of staff and customers, in essence they are the real victims. And with the difficulty of tracing the cyber criminals making it unlikely they’ll get caught, the staff and customers have no one else other than the business to sue.

Seagate are due to face a large lawsuit at the end of the year against some of their own employees. The employees are arguing that Seagate didn’t do enough to protect their personal information, that it was Seagate’s responsibility to keep their data secure, and that Seagate should be held responsible for any further financial fraud committed after the breach.

The employees have a very good argument and authorities will likely investigate whether Seagate were making an effort to keep data protection in place, or if they were naive enough to think they didn’t need to stay secure at all. The data breach was part of a phishing email, when someone followed the link to the email malware was installed allowing criminals to access the personal information of Seagates staff. Due to the fact that the email was art of a targeted phishing scam, a SPAM filter could not have stopped the attack. Unfortunately the attack also came down to human error as a user was the one to open the email and followed the links provided. Potentially, user lessons on cyber security could have made the user more aware of what a phishing email is and what damage it can cause to the company.

Businesses who believe that it will never happen to them don’t understand the the growing risks and are not taking it seriously enough. The last couple of years have really proved that it could happen to anyone. Although a lot of data breaches are targeted it’s not uncommon for a data breach to be, in the criminals eyes, a lucky mistake. All it takes is for an unaware user to click on a dangerous link attached to an honest looking email or website. Next thing you know your computers infested with malware and your data has been stolen and encrypted.

If you ask me, businesses should be held responsible. If a business is to hold delicate data then it’s their responsibility to ensure it is protected, meaning it is their responsibility to ensure antivirus, SPAM filters and Firewalls are installed. To ensure all their operating systems and programs are updated, to ensure their users are aware of the threats they can come across when using a computer, and how they can help keep the business protected themselves.

The Cyber Wise courses are built to help teach users the dangers and severity of cyber crime. They ensure users are more aware of the threats they can cause when using a computer, and how to identify possible dangers like phishing emails and malware infested websites.