We`re just sending through your details

Please give us a few moments whilst we get your account ready.


Mayday, mayday, we’ve been hit with a data breach

Mayday, mayday, we’ve been hit with a data breach

posted in Disaster Recovery ● 4 May 2017

In recent months, technology giant IBM accidentally sent their own customers Malware, the Metropolitan Police Force gave away contact details of gun users in the UK and mobile operator Three, failed to control access to customer’s personal details and account details by third parties.

All three of these companies should know better when it comes to the risk of a data breach but it goes to show that all companies are at risk of data breach and should be doing more to combat this risk, especially with GDPR on the horizon.

GDPR is The General Data Protection Regulation and comes into force in Europe in May 2018 but will have a global effect.

In IBM, we trust

Although IBM were most likely one of the first companies to have ever experienced and learnt from a data breach, it seems not even they can avoid a slip up every now and then. This week, IBM have made users aware that USB flash drives containing the initialisation tool for some of their Storwize systems “contained a file that has been infected with malicious code”. It is not yet known how many customers may have been affected by this but IBM had been actively distributing the software unknowingly putting their own customers at risk.

Policing data breach

While data breach isn’t usually an area the Metropolitan Police Force would be involved in, leaving that up to the ICO, they are now. For the wrong reasons.

The Data Protection Act in the UK ensures that personal data such as your name and home address must be handled in a safe and secure way. So, when the police are accused of selling or giving away this information for 30,000 people it’s clear that something has gone wrong. In addition, the fact that these 30,000 people are legal gun owners gives, even more, reason for concern.

Three’s a charm

Three are no stranger to data breach having had data for more than 130,000 of their customers compromised by cyber-criminals less than 6 months ago. So being back in the news for another data breach should be a worry.

This time around, customers were presented with each other’s names, numbers and call history when attempting to log into their accounts. According to a spokesperson, “no financial details were viewable” and they will be “investigating the matter”.

Reducing the risk of data breach

Data breach and data loss are costly to organisations; From a monetary sense fines can be levied by the relevant state Information Authority (e.g. the ICO in the UK) and further with reputational damage. Three are a prime example of an organisation that will have damage done to their reputation due to data loss. When you look for a new phone provider, it is unlikely that you are going to choose the one known for losing customer data and personal details.

These cases all have something in common in that the companies were quick to confirm that the matters would be explored further and that actions would be taken to ensure breaches would not happen again. This being the case, the sources of the initial breaches are unknown to the public.

Data breaches can come from many sources and it would be difficult for any organisation to claim total security against them. However, it has been reported that 25% of breaches involve internal actors compared to 51% involving organised criminal organisations. Of these attacks over half, 51%, included malware which has been a growing threat in IT for the past 18 months.

The threat from internal users should be less than 1 in 4 and Network managers and administrators will have to review internal policies and procedures to lower this, usually starting by limiting who can access data.

Statistics used are from the Verizon DataBreach Investigations Report 2017. 

Vital new role of AI in keeping backup data safe from malware

Vital new role of AI in keeping backup data safe from malware

Every day more than 350,000 new types of malware are unleashed on the internet. The scale of the problem is so massive, it is no longer enough to have traditional anti-virus software, solely defending against known threats.

Continue reading
Xero Data Backup

Why you should consider Xero Data Backup for your accountancy firm

Ignoring the need for a third-party backup is a major gamble. Xero’s own Services Agreement states: “You must maintain copies of all data inputted into the service. Xero expressly excludes liability for any loss of data no matter how caused.”
Continue reading

Survey on risk of data loss and cybercrime

Wondering how best to fend off new cyber threats? Curious about what your peers are doing?

Continue reading