Don’t assume hacking is skilled crime. Anyone can do it.
In 2016, broadcaster Ofcom was facing a disaster of almost catastrophic proportions.
Overnight, the six years of sensitive corporate data walked out the company door with an employee looking to boost his career prospects with UKTV, a major competitor. The real magnitude of this leak was reported to be massive, the cache was described as holding extensive sensitive financial data of customers and business partners.
The leak was discovered when UKTV announced that they would be forfeiting the data and wiping all traces from internal hardware. For the moment, the leak has been stymied.
Compulsory disclosure legislation in Australia and the UK dictates that companies must disclose a breach to affected individuals. Whilst it was unlikely that the data was leaked beyond UKTV, Ofcom can never be certain. They had to publicly disclose.
In events such as these, it is feasible for data cache to be found years later on the black market.
This incident demonstrates the necessity to keep data accessible on a strictly need-to-know level. Take a moment to consider how much data your staff have access too. If even one of your low to mid-level staff had their accounts hacked, what sort of information, customer and internal data would fall into criminal hands?
Ofcom is only one such example. These low-tech crimes are exceedingly common and can impact any business size.
“A vast number of data breaches are due to insiders, malicious or otherwise. The root of the problem is that most employees have access to far more information than they need to do their jobs… Low-level workers often have access, and make off with highly sensitive information, often without anyone knowing… Organisations have to start doing a better job of tracking and analysing how users use data, profiling their roles and behaviours, mapping and reducing unwanted access, discovering sensitive data and locking it down or moving it out of harm’s way.” – David Gibson- Varonis
It’s essential for companies to have full visibility of their networks and exercise strict access control policies by ensuring data is classified and auto classified as it’s created. Indeed, by continuously monitoring the network, businesses can identify abnormal activity – such as downloading large batches of sensitive data – thereby reducing your liability to undergo a catastrophic data leak.
As I.T. specialists, we have the tools to help you maintain, secure and control your network. Wiping company devices before they leave your business and be alerted by suspicious activity instantly.
Talk to us today about fortifying your organisation against these threats and much more.
Learn more at ems.cloudmadesimple.com.au