SECURE&TIP: SECURITY BREACH


SECURITY BREACH:

We speak of a security breach when there is unauthorized access, manipulation, deletion or communication in relation to the information of our company or entity, its physical facilities (offices, factories, stores, etc.) or its computer systems.

Security breaches can therefore be caused by cyber-attacks or by human error, whether intentional or unintentional.

In turn, when a security breach especially affects personal data, we speak of a data breach or privacy violation. It can occur either by digital means or by physical means (for example, sharing certain paper documentation about a natural person with an unauthorized third party).

What security breaches can we not avoid?

Security breaches caused by a person outside the company or entity, i.e. cyber-attacks.

What security breaches can we avoid?

  • Unauthorized access to the facilities or certain restricted areas: When we receive visitors (suppliers, clients, auditors, collaborators, etc.), it is very important that they are accompanied at all times. Likewise, even company or entity personnel should not access certain areas considered private or restricted without prior authorization from the person responsible for that area or department (for example, management offices in companies or senior management in public entities).
  • Unauthorized use of systems or information: Each professional has to know which information they must and may handle, and which they may not, according to what is necessary for the exercise of their work functions. Having access to technologies or information that goes beyond our area of activity or department can cause serious security breaches. Therefore, when in doubt as to whether or not we are authorized to access and make use of certain applications and documents, it is preferable to ask our direct manager and the IT Department internally.
  • Unauthorized copies of digital and physical documents: We must take special care when making copies of and/or extracting digital and physical documents, especially if their content may be considered confidential or of a personal nature. Therefore, before transferring documents from one device to another, or even saving them on a USB drive, it is preferable to make sure that we are authorized to make such copies, again preferably by asking our line manager and the IT Department.
  • Inappropriate recycling: Paper documents containing confidential information or personal data should not be reused for environmental reasons as “dirty paper” or for taking notes. In this case, security and privacy take precedence over the recycling culture, for obvious reasons. In fact, it is not enough to throw them in the trash; they must be destroyed, either by using a paper shredder or by tearing them into a thousand pieces. Failure to do so could lead to a major security and data breach, a risk to which we do not give enough importance in our daily lives.
  • Verbal communication of confidential or private information: The exercise of our job functions is part of our daily life, so we tend to talk about it even in the social or private sphere. However, we must be aware of what we can share, because it refers exclusively to our own professional and career performance, and what we should keep to ourselves, because it is confidential information of the company or organization. This recommendation should be applied even between areas and departments, with respect to information that our colleagues do not need to know. The areas with the most critical information about the company’s or entity’s systems or data are: Management, Finance, HR, Legal and IT.

IMPORTANT NOTE: If we suspect that we or a third party have caused a security breach, we have a legal obligation, arising from our responsibility as users of technology and information, to alert the IT Department, the Chief Security Officer (CISO), the Data Protection Officer (DPO) and our direct superior in the professional environment. We should ask them to advise us and help us as soon as possible. And if it affects us personally, we should also report it to the police authorities.

 

*Date of shipment: February 11, 2025