Data breaches: How they occur and how to prevent them

A data breach exposes confidential information to an unauthorised person (at UQ this could include PROTECTED, SENSITIVE or even OFFICIAL – INTERNAL information (see Information Security Classifications)). 

• A data breach can have severe repercussions, as outlined in Why information protection is important.

One third of data breaches in Australia are caused by human error.  While UQ has cyber security controls in place to help protect information, there are simple steps you can take to help prevent data leaks.  

Report a data breach

Follow the below tips to help prevent data leaks at UQ. 

• Keep a clean desk policy. 
  Don’t leave confidential documents on your desk. 

• Be cautious when printing SENSTIVE or PROTECTED documents. 
  Don’t walk away from the printer while the documents are still printing, or leave documents unattended in the printer tray. 

• Be conscious of attaching documents to emails.  
  Ensure when you are attaching a document to an email, that it is in fact the correct document. Sometimes through human error people will accidentally attach the wrong content and consequently leak confidential information. In addition, be wary of sharing information in general. 

• Remove email trails when necessary. 
  If an email trail may have confidential information in it, remove this content before forwarding the email on to other recipients.

• Don’t discuss confidential information in public. 
  For example, don’t have a teleconference in a public location where members of the public could overhear sensitive details, or have a private work meeting in a busy café. Be aware of your surrounding environment when discussing work matters. 

• Don’t undertake confidential work in public places. 
  For example, if you are working on your laptop on the train, the person next to you could easily see any confidential information on your laptop screen.

• Keep close track of physical documents, and secure where appropriate. 
  Store and treat any physical documents appropriate to its classification. For documents classified as OFFICIAL-INTERNAL and higher, you may need to consider a locked filing cabinet. In addition, ensure you dispose of physical documents appropriately—for example, place SENSITIVE and PROTECTED records in a shredder bin.

• Store, share and transport documents appropriately, commensurate with their Information Security Classification. 
  See where to store your files and information for guidance on what storage platforms are appropriate for your information’s security classification and sharing needs. 

• Don’t over-share information on social media. 
  This includes LinkedIn and Twitter, which are commonly used for professional networking and updates. Find out more about using social media safely here .