Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Cybersecurity experts reacted below on this news and the importance of a data loss prevention system.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This really highlights the importance of cyber hygiene in the supply chain. Metro Bank may have great security practice, but it only takes one weak link in the system to cause a breach like this one. Most breaches are easily mitigated by basic cyber hygiene practices such as using strong password protection and making sure software is up to date. By following cyber hygiene standards an organisation isn\’t just protecting their data and those of their customers, they are helping to create a safer digital space for all of their partners and vendors too.
This exposure is troubling as the public trusts banks to safeguard their information. It highlights that trust is dependent on every single security action, and the importance of using trusted service partners in the supply chain – while the attack was targeted at Virtual Mail Room, the impact ripples across to hundreds of other companies utilizing their services. These companies should be vigilant, not solely of their own internal security but ensuring that the partners they work with undergo all the necessary checks as well.
This is an unfortunate exposure of sensitive personal information which the regulators will undoubtedly be taking interest in. In many cases, these kinds of incidents can be pinned down to a lack of security culture within an organisation. When there is a culture of security, all aspects of the business are scrutinized through a security lens. This would include adequate security testing, assurance, and monitoring controls, in addition to security awareness training for staff and robust procedures to support it all.
In today\’s day and age, all data is vitally important to secure, particularly information relating to individuals, their addresses, and any financial information. Criminals can use this information to launch targeted attacks against individuals which can be difficult to spot or recover from.