A data fail left banks and councils exposed by a quick Google search

Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Cybersecurity experts reacted below on this news and the importance of a data loss prevention system.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
September 10, 2020 6:36 am

This really highlights the importance of cyber hygiene in the supply chain. Metro Bank may have great security practice, but it only takes one weak link in the system to cause a breach like this one. Most breaches are easily mitigated by basic cyber hygiene practices such as using strong password protection and making sure software is up to date. By following cyber hygiene standards an organisation isn\’t just protecting their data and those of their customers, they are helping to create a safer digital space for all of their partners and vendors too.

Last edited 2 years ago by Jamie Akhtar
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security EMEA
InfoSec Expert
September 8, 2020 2:45 pm

This exposure is troubling as the public trusts banks to safeguard their information. It highlights that trust is dependent on every single security action, and the importance of using trusted service partners in the supply chain – while the attack was targeted at Virtual Mail Room, the impact ripples across to hundreds of other companies utilizing their services. These companies should be vigilant, not solely of their own internal security but ensuring that the partners they work with undergo all the necessary checks as well.

Last edited 2 years ago by Niamh Muldoon
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
September 8, 2020 2:40 pm

This is an unfortunate exposure of sensitive personal information which the regulators will undoubtedly be taking interest in. In many cases, these kinds of incidents can be pinned down to a lack of security culture within an organisation. When there is a culture of security, all aspects of the business are scrutinized through a security lens. This would include adequate security testing, assurance, and monitoring controls, in addition to security awareness training for staff and robust procedures to support it all.

In today\’s day and age, all data is vitally important to secure, particularly information relating to individuals, their addresses, and any financial information. Criminals can use this information to launch targeted attacks against individuals which can be difficult to spot or recover from.

Last edited 2 years ago by Javvad Malik
3
0
Would love your thoughts, please comment.x
()
x