6 Common Causes Of Data Breaches

Network Security And Privacy Crime. Mixed Media

Practically every week another news story comes out describing how a high-profile company has suffered a major data breach, relinquishing high-value, personally identifiable information to hackers. With all these damaging cases in the press, conscientious companies are now asking themselves why this is happening and what are the most common causes of data breaches?  

It turns out that there are quite a few different ways hackers can gain access to data, ranging from breaches that occur during mergers and acquisitions to those that happen as a result of international data transfers.  To significantly mitigate against the costly loss of data relies heavily on being able to identify where and when it is most likely to occur. 

Imprima’s people, technology, and processes are certified to the most comprehensive ISO 27001 security accreditation and in this article, we’re going to identify common sources of data breaches so you and your company can avoid them in the future. Let’s dive right in.  

Physical Device Theft 

When people imagine pressing cybersecurity issues, they often think of hackers hammering away feverishly on keyboards in darkened rooms. But physical device theft is still one of the most common ways in which companies can experience a data breach. Opportunist criminals can make their way onto your premises, pick up an unattended laptop, and have immediate access to all your firm’s files and shared information.  

How can you avoid data breaches like these? Simple: make sure that all devices have passwords that kick in as soon as they are put down or left unattended. Plus, two obvious tips; use complex passwords and never share them! 

Use of less secure cloud-based consumer designed systems    

Sending company information via a provider that is not ISO 27001 compliant is a risky business and always comes with an elevated level of threat. Many companies trust high-profile cloud-based platforms which are more suitable for consumer-based personal use which is not always fit for the intended purpose.  

If you’re using cloud sharing services to transfer highly sensitive data, that often doesn’t have the internal security measures that are designed to counter external threats, then you’re putting your company and clients at risk. One such example of a cloud sharing site breach is Dropbox being hacked with 68m passwords leaking onto the internet.  

Weak Passwords 

Hackers have a database of common passwords that they share, making it easy to bypass company security. Although management may understand the importance of strong passwords, many staff do not. It’s essential to train staff on choosing passwords with no personal relevance (such as John123). The best passwords incorporate a mixture of random numbers and letters in no particular order. The longer the password, the better.  

At Imprima, our virtual data rooms, are considered to be the most secure on the market with a high level of personal security options available to deal room owners. Having the ability to set the password character limit up to 30 characters can remove risk, by allowing the use of passphrases.  

We also offer second-level authentication that allows for a generated pin code that rotates each time you enter the room and is either emailed or sent to you via text message. If you’d rather keep your virtual data room highly secure with a secret question, then you can opt for that too.

On average, employees have 27 passwords to manage, the temptation to keep things memorable is high and thus insecure. Companies are turning to Single Sign-On providers to provide a one-stop-shop for the centralisation and enhanced security, that having a single-entry point for login credentials provides. 

Imprima can integrate with all main SSO providers, giving companies oversight of employee security, along with the easy removal of former employees to restricted systems. You can read about Single Sign-On via our free whitepaper here.

All options should be offered to you by your virtual data room provider and are key to keeping deal critical data safe.  

Failing To Control Access 

When it comes to permissions, companies often start with the best of intentions: to restrict access to all areas of the network while granting a minimum of autonomy to each member of staff, depending on what they need to be able to access for their work. But over time, as new people join the company and others leave, the access landscape can become increasingly complicated. Eventually, companies lose track of who has access to what, creating an administrative nightmare. These complexities are a gift to hackers who can gain access using old login credentials or passwords, bypassing conventional security measures.  

Smart companies endeavour to keep things simple. When a person joins the company, they get given access: when they leave their access gets revoked. It’s that simple.  

Leading virtual data room providers offer user access controls with granular access on user’s data access and full document protection which helps to mitigate this risk.

Having users log in with the rotating pin code that we mentioned above is used as a failsafe way to stop departed employees from logging into virtual data rooms. However, the preferred and safest method is to let the virtual data room provider know when staff leave your company. 

Internal Breaches 

Employees are a significant cybersecurity risk. Not only can they be unintentionally careless and negligent, but they can also be downright malicious in certain circumstances.  

Rogue employees, for instance, can lead to the downfall of data integrity. All it takes is a single disgruntled employee to attack an access-restricted system themselves or pass on security information to a hacker, and you could have a full-blown breach on your hands.  

Also, be aware that an internal breach doesn’t necessarily have to involve a full-time employee. Contractors, visitors, and even customers can all represent a threat.  

If using a virtual data room provider, make sure that they offer tracked and auditable information rights management so you can maintain full control over document protection. 


The purpose of malware is usually to get around software security measures, giving hackers direct access to your company computer systems. Malware often lies dormant until a hacker has collected all the information they need to conduct a damaging strike.  

At Imprima, we have invested heavily in new technologies and stay ahead of the latest security threats such as malware, phishing scams, data exfiltration, DDOS, and other advanced attacks. With Imprima, you can be confident that your data is always optimally protected. 


Mergers and Acquisitions  

According to data from Forbes, nearly 40 percent of acquiring companies say that they have experienced some kind of cyber-security issue during the M&A transaction process. 

This tends to occur when transferring due diligence data via tools not fit for purpose. Often, the people scrutinising the merger process do not have expertise in cybersecurity and so rely on cloud storage services. Lawyers do a great job of ensuring that the deal between two firms is legally airtight, but they are less well versed in the intricacies of cyber security which is why we advise the use of a virtual data room during all M&A transactions.  

Real Estate Transactions 

During the buying or selling of real estate, both parties are duty-bound to give up critical personal data, including financial details. Real estate transaction breaches can halt the process of selling a property and worse yet, lead to monetary loss. People who are victims of real estate transaction data breaches can suffer serious financial ramifications.  

According to a recent report by KPMG, 50 percent of the surveyed businesses in the real estate industry felt that they were not adequately prepared to prevent or mitigate a cyber-attack.  

Banks and hospitals often have federal laws ensuring security systems to protect information however real estate transactions don’t have the same level of government scrutiny leading to a wide variety of attacks that threaten real estate deals.  

A virtual data room can be critical to keeping your real estate data safe and secure.  

Raising Capital 

Raising capital often means handing over valuable information about your company to a third party. That information could include all kinds of things, from rosters of staff to details about your company’s bank accounts. Whatever it is, it could be used against your company by malicious actors online, even when applying for capital in person. It’s not just your company’s security systems that matter, but the integrity of the firms that you interact with too. 

When looking for a company to help with the raising capital process, ensure you use one that not only helps to get the deal done in less time but also offers granular reporting so you can keep company information safe and secure.  


The causes of the data breaches outlined above are not merely theoretical – they’re real. As a company, it’s often tricky to mitigate all these threats without external help., From ensuring data integrity during mergers and acquisitions to ensuring that your systems are protected if you want to send information transnationally, Imprima can help you prevent data loss in a myriad of ways. Whatever your reasons for wanting to protect the data you own, we can help. Our services can mitigate these risks and help you be more robust against the cybersecurity threats that your company faces.  

Want to find out more?

Submit your details below and a member of our team will get back to you shortly

This field is for validation purposes and should be left unchanged.
Related Blog Posts
Redaction simplicity image
Artificial Intelligence
April 17, 2024
AI LLM image
Artificial Intelligence
January 17, 2024
See all blog posts relating to: