What is the Difference Between a Security Breach and a Data Breach?

In our blog, we talk about security and data breaches all the time. We tell you how you can take efforts to avoid them and how to prepare your organization for the inevitability of being exposed to them. With all that security talk, we should briefly describe the difference between a security breach and a data breach, because they are two different things that get lumped together quite a bit.

What is a Security Breach?

A security breach involves unauthorized access to company-owned accounts. This means that people (or other machines) that don’t actually have authorization gain access to an account owned and operated by your business. This includes any device, network, website, server, or other IT asset. 

What is a Data Breach?

A data breach, on the other hand, is a specific type of security breach. Data breaches involve unauthorized access to data such as computer files and documents. This also covers alteration or destruction of data.

Why Do the Distinctions Matter?

Well, as we defined earlier, data breaches are technically a type of security breach, but many data protection laws define data breach as the threshold where an organization would have to notify their clients and vendors. Many of these laws have specific definitions of what qualifies as a data breach. For example, was there a security breach where data was stolen but was encrypted and unusable? In many cases that would not be defined as a data breach.

If you are a regular reader of our blog (and we hope you are), you know that we go through what to do to avoid a security breach at all costs. We talk about the software you need (antivirus, firewalls), what you need to do to keep them working (patch management and routine maintenance), what efforts and practices you’ll need to master (identifying phishing, creating secure, unique passwords), and what tools you need to maximize those efforts (password manager with multi-factor authentication). 

These tools and strategies are all designed to keep hackers and other threats from affecting your business. Give us a call at (713) 979-2090 to learn more about our cybersecurity strategies and how they can work for your organization.