Unauthorised access or modification of information

Unauthorised access or modification means the act of directly or indirectly accessing information to which you do not have an entitlement. In general, the intention of accessing data in this manner is one of:

• Theft (for profit, or other gain)
• Damage (to cause damage to the other party)

There are many measures which can be taken to reduce or prevent this from happening. For example:

• Ensuring a rigorous authentication policy – for example, the use of biometrics, strong passwords etc
• User accounts are configured according to the principle of minimum access (do not allow access to edit, create, delete records unless the user needs this as part of their role)
• Two factor authentication to limit the chance of an unauthorised party logging in to the system
• Physical access control to machines hosting sensitive information
• User-account activity monitoring
• Endpoint security – for example, firewalls

More detail can be found here: Unauthorized Access: 5 Best Practices to Avoid Data Breaches (cynet.com)