A data breach can be extremely damaging for a business, so it is crucial you take steps to reduce the risk. A data breach occurs when an unauthorised person accesses, shares, misuses, destroys, changes, or loses your information. A data breach also occurs when something prevents you from accessing your business’ information, or when confidential business data becomes publicly available without authorisation.

A data breach can be devastating, particularly if you had specific legal obligations with the information lost, such as privacy or contractual obligations. When you operate a business online, there will always be a risk of a data breach. Unfortunately, you will not be able to eliminate this risk entirely. However, you can implement measures to significantly reduce the likelihood of a breach occurring and its effects. Therefore, this article will go through six tips to reduce the risk of a data breach occurring.

1. Know Where You Store Information

You need to know where you store your business’ essential data and what security measures you already have in place. Your business will collect and generate data in many different places, so it can be difficult to keep track of. Therefore, implement a structured storage system so that you do not lose track of any information.

For example, if you store different kinds of information on different cloud servers, be sure to know the kinds of information you have stored on each server.

Dispose of information when you no longer need it to reduce what you could lose in a data breach.

2. Update Your Cybersecurity

When storing any kind of information online, ensure that cybersecurity measures are up to date and efficient. Developers are constantly implementing bug fixes and improving their software. Accordingly, you need to ensure you update your security software to take advantage of these improvements. Cyberattackers can take advantage of out-of-date systems to access your online information.

You also should have a cybersecurity policy to set out your internal expectations around handling your online security. More robust cybersecurity measures that suit your business can significantly reduce the risk of a data breach and avoid data loss.

Tip: Your policy would, for example, outline expectations around not using default settings and choosing strong passwords.

3. Include Security/Confidentiality Clauses in Third-Party Contracts

Human error, as well as plain ignorance, causes the majority of data breaches. You may have strong internal policies for managing security, but you also need contractual safeguards to ensure third-party partners treat your data with the same care.

For example, you may have a contract with a third-party advertising service to analyse customer personal data. Be sure they comply with NZ privacy law when they deal with personal information, and have measures in place to prevent data breaches. 

If there is a data breach due to a third-party error, you can limit your own liability if you have clauses covering these issues in your contract.

4. De-Identify Information Where Possible

Privacy law protects personal information, which is any information that can identify a person. If a data breach compromises the personal information your business stores, you could face severe legal and financial penalties.

Therefore, you should take steps to de-identify information where possible. This process entails removing the identifying aspects of personal data, such as names or addresses. Then, a malicious party cannot use your data breach to go after the person the information is about because they cannot identify them. You can then reduce the fallout of a data breach when you handle personal data in this way.
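The de-identification step described above, sketched in Python as an added example that is not part of the original article. It goes beyond plain removal by replacing the customer ID with a keyed pseudonym, so records can still be linked for analysis, and by coarsening date of birth and postcode. The field names, the key and the sample records are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: direct identifiers in this constructed schema; adjust to your own fields.
DIRECT_IDENTIFIERS = {"name", "email", "address", "phone"}


def pseudonym(customer_id: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 token: stable for linking records, not reversible without the key."""
    return hmac.new(key, customer_id.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def de_identify(record: dict, key: bytes) -> dict:
    """Return a copy with direct identifiers removed and other fields coarsened."""
    out = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue  # remove names, addresses and other direct identifiers
        if field == "customer_id":
            out["customer_ref"] = pseudonym(str(value), key)
        elif field == "date_of_birth":
            out["birth_year"] = int(str(value)[:4])  # generalise: keep the year only
        elif field == "postcode":
            out["postcode_area"] = str(value)[:2]  # generalise: coarse area only
        else:
            out[field] = value
    return out


# Constructed sample data, not real customers.
SAMPLE_KEY = b"constructed-demo-key-keep-real-keys-in-a-secrets-store"
SAMPLE_RECORDS = [
    {"customer_id": 1001, "name": "Aroha Example", "email": "aroha@example.com",
     "address": "1 Sample Street, Wellington", "date_of_birth": "1988-04-12",
     "postcode": "6011", "order_total": 129.50},
    {"customer_id": 1001, "name": "Aroha Example", "email": "aroha@example.com",
     "address": "1 Sample Street, Wellington", "date_of_birth": "1988-04-12",
     "postcode": "6011", "order_total": 40.00},
    {"customer_id": 1002, "name": "Tane Sample", "phone": "000-0000",
     "date_of_birth": "1975-11-30", "postcode": "9016", "order_total": 15.25},
]

if __name__ == "__main__":
    for row in SAMPLE_RECORDS:
        print(de_identify(row, SAMPLE_KEY))
```

Store the key separately from the de-identified copy, because anyone holding both can recompute the pseudonyms for known customer IDs. The fields that remain can still narrow down a person when combined, so review them before sharing the output.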

5. Encrypt Your Data

Encryption is a cybersecurity method that scrambles your business data by encoding it, making it unreadable. Only you, the person with the key, can read this data. If you lose your encrypted data in a data breach, there is less chance of unauthorised parties reading it. They will not have access to the necessary key. Therefore, you can prevent unwanted disclosure of confidential information.

Tip: Encrypt your connections as well with a current website security certificate, to reduce the risk of an unauthorised person hijacking your business’ eCommerce transactions.

6. Limit Access

Another way to reduce the risk of a data breach is to ensure your staff only have access to business data relevant to their job. The more logins a storage server has, the more chances for one of those logins to lead to unauthorised access.

It can also be easier to identify the cause of a data breach if you can easily determine who had access to the relevant data at what time. Consider keeping access logs or login records, but make sure you adequately secure these records as well.

Key Takeaways

You can never fully eliminate the risk of a data breach, but you can take steps to reduce the risk of one occurring. Therefore, you should check that you have up-to-date and sufficient cybersecurity measures and have a clear idea about how both your employees and partners handle their privacy obligations.

If you would like more information or help to reduce the risk of a data breach at your business, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is personal information?

Personal information is any kind of information about an identifiable individual. If you can use this personal data to identify a living person, it qualifies as personal information. Examples include names or email addresses.

Who do I need to notify if there is a data breach?

Notify your IT and cybersecurity experts so that they can help you mitigate the fallout. In addition, if the data breach involves personal information and is likely to cause serious harm, you need to notify the Privacy Commission and the affected individuals.
