While organisations tend to invest first and foremost in protecting critical business data from external cyber-attacks, the recent data breach impacting Newcastle City Council, wherein the details of thousands of adopted children were leaked when a party invitation was sent out, has highlighted the importance of considering an ongoing human-centric security approach in every data protection strategy. Carl Leonard, principle security analyst at Forcepoint comments.
It’s no secret that maintaining complete control over critical business data is a significant challenge facing businesses from all sectors today. In a shifting technology landscape, organisations have little visibility into how and where their critical business data is used as it sprawls across company-owned, employee-owned devices and hosted applications. When that data relates to vulnerable children, the importance of maintaining control of the data is even higher.
It’s good to see that Newcastle City Council is instigating a review of processes, and we encourage businesses to anticipate all scenarios of how data can leave an organisation, and implement the necessary mitigatory controls. This will be a mix of regular, enforceable employee training and security technology. Attaching the incorrect file to an email is a common mistake, in fact the ICO’s most recent report shows that 11% of data breaches were caused by just this scenario, one of the top six most common causes.
The council will likely have asked employees not to send out confidential data out via email attachments, but human error does occur, and accidents will happen. By adding data loss prevention technology to enforce these principles, you can manage the human point of weakness in the security chain and can make informed decisions on security whilst safeguarding critical data and personal data, such as the adopted children’s database in this case.