The Cornwall council accidentally published the personal details of five schoolchildren in publicly accessible meeting documents. Cornwall Council has apologized for the data breach, including their names, addresses, and dates of birth. It made the error when it published online documents for a meeting of its School Transport Appeals Committee.
Once data is exposed, it can fuel future cyber-attacks if it ends up in the wrong hands. The fact that data such as names, schools, home addresses, and dates of birth have all been revealed is concerning, as it could be used for extremely targeted social engineering attacks on the families involved.
In the modern day and age, it’s crucial that all organisations work hard to ensure that sensitive data remains secure and protected. Organisations in every sector are now increasingly reliant on digital technologies to deliver their services, and it’s crucial that staff are properly trained on how to use systems to help prevent breaches, and that their skills are regularly tested. By participating in security awareness training, staff can learn to report possible security threats, follow company IT policies, and best practices and adhere to any applicable data privacy and compliance regulations such as the GDPR, PCI DSS and HIPAA – helping them to avoid incidents like this.
This highlights that it is not just standard cybersecurity training that is desperately required by more organisations but general data handling too. Serious privacy and security problems come from human error and this has been overlooked in multiple examples where organisations simply assume they can cut corners and hope their employees are up to date and fully aware of protocol or simply what is required from them in terms of data handling. Cybersecurity training shouldn’t be left to a simple tick in a box, once a year exercise and decision makers need to think about conducting it within the onboarding process as a priority.