A data breach is an incident where secure, sensitive and confidential information is accessed and exposed to an unauthorized third party. Data breaches can occur due to various cyber attacks, such as; hacking, malware attacks, loss or theft of physical devices, insider attacks, payment card fraud, unintended disclosure and so on. These stolen data from a breach include credit card numbers, financial information, customer data, trade secrets, medical records and personally identifiable information. 

Data breaches have far-reaching negative effects on organizations, including but not limited to financial loss,  reputational damage and loss of trust with clients, customers and employees. In Nigeria, organizations may face significant penalties under laws like the Nigeria Data Protection  (NDPA), which imposes fines of up to ₦10 million or 2% of annual gross revenue, depending on the severity of the breach and the size of the organization. Another damaging effect of data breach is the disruptive effect of operational downtime, legal implications and lastly, the impact of sensitive data loss. 

How to prevent data breaches

1. Educate your employees: Training programs focused on data protection reduce the risk of exposure by staff. An effective training program will include modules on the relevant data protection regulation for the territory your organization operates in addition to protective cybersecurity best practices. 
2. Data backup and recovery: Where possible, implement automated remote backup systems and update them regularly to easily recover in the event of a data loss, server crash or even a natural disaster. 
3. Destroy before disposal: One common error that leads to data breach is improper storage or disposal of sensitive data particularly with organisations who actively collect or process data on paper. To avoid these mistakes, make sure confidential information is properly disposed of. Shred paper files and also, wipe data from old laptops, phones, or hard drives. Simply deleting the files and reformatting them does not adequately erase data. 
4. Maintain up-to-date security software: Take adequate precautions to avoid security breaches. Make use of firewalls, antivirus software and antispy software to defend your organization from data breaches, and where possible implement automatic updates and set rules that force all devices on a network to update within a set timeline
5. Always encrypt sensitive data: Implement encryption for all sensitive data at rest or in transit. In addition to this, ensure your network is segmented to prevent sensitive data from being sent on public networks. 

Case study of high-profile data breaches

The Plateau State Contributory Health Care Management Agency (PLASCHEMA), a program designed to provide affordable healthcare in Plateau State, suffered a data breach due to a security oversight. Eleven of PLASCHEMA’s AWS S3 buckets were left unsecured, lacking proper authentication and encryption controls. This exposed over 75,000 files, totalling 45GB of data. Each unsecured bucket contained Personally Identifiable Information (PII) belonging to program applicants, including ID cards in some instances. It is estimated that over 37,000 individuals were affected by this data breach. 

Sources

• https://www.fortinet.com/resources/cyberglossary/data-breach#:~:text=A%20data%20breach%20is%20an,from%20an%20individual%20or%20organization.
• https://paysimple.com/blog/how-to-prevent-data-breach/
• https://gazettengr.com/nigerian-agency-data-breach-exposes-75000-personal-details-of-citizens-online/?tztc=1