It takes about 206 days to find out whether you have been hacked

Data breach website

Organizations do not see their web server as a critical part of the company and risk a fine

Whether you have a high-tech company or a small accounting firm, every company runs the risk of causing a data breach. It can happen very quickly: you accidentally send a file with extensive customer data to a wrong recipient and there it is: a leak. And that is painful for those involved and the responsible party. Nobody wants the personal information of their customers or relations to be open and exposed. Nevertheless, the number of data breaches seems to be increasing in recent years. The impact of a data breach on the organization can be considerable. According to the annual report “Cost of data breach” from the Ponemon Institute, the total costs of data breaches in 2018 worldwide amount to 3.86 billion US dollars (3.4 billion euros). The costs due to image damage have not even been included.


To protect individuals against misuse of their private data, the government introduced the General Data Protection Regulation (GDPR) last year. Organizations do their best to comply with this law, and use techniques to keep data safe and only accessible to authorized persons because otherwise a fine may follow. Information is therefore handled more carefully than a few years ago. But sometimes you do everything well, and it still goes wrong.

Companies and institutions use firewalls, identity & access management solutions and endpoint security applications to keep their IT environment and all stored data as secure as possible. So far so good. What is sometimes forgotten is that the website, even though it is hosted by a third party on a separate server, is also part of the company. And this can also cause data breaches. Because the web server or the hosting company can be hacked without any alert given. American companies only find out after 206 days that they are dealing with a hack. What does that mean in practice?

Information misuse

Employment agencies, secondment companies or, for example, insurers regularly ask customers to upload data via the site. This can include photos of damage, but also CVs, license plates, addresses, account numbers and birth dates. All information that you do not want to make public. If the server is hacked, the cyber criminal can easily watch when another upload occurs, and misuse the information. That is a very real danger. Organizations that do not see their web server as a critical part of the company then risk not only a data breach and image damage, but also a hefty fine.

Of course this can all be prevented. The most important rule is that information flows must always be secure. Do not ask customers to upload information via the website or to e-mail it, as this is very unsafe. Ensure a secure environment in which data is sent with encryption. This is possible with FileCap, a secure e-mail and file transfer solution that is very suitable for companies that regularly receive sensitive information.  FileCap offers the possibility to create a “permanent link” that is available to customers and relations.


This link can be used for a long time, so it can also be placed on a website. Through this link users enter the safe FileCap environment. Here the information is uploaded and sent to the recipient with encryption. This way hackers don’t get a chance, and companies don’t have to fear a hefty fine. And most importantly: this way you know for sure that the details of your valued customers have not been misused for 206 days.

What do users and resellers say about FileCap? Read the reference cases

Thomas Calf, account manager at Contec BV