Sometimes a cyber incident is not a cyber attack and what you can do to stop it.

The loss of control of your information and it getting into the public domain is not always a cyber attack – many times it is simply a mistake by your team. It has happened to the Australian telecommunications company Telstra:

Telstra sorry for publishing up to 130,000 customers’ details online | The Guardian

In this case the people working on a backend database made a mistake which exposed unlisted data on a public-facing system. Australia has seen a number of high-profile cyber attacks recently, with Medibank and Optus being hacked and the personal information of millions of customers being exposed or even posted on the Dark Web. However, a simple mistake by a team member can be just as devastating for the customer whose information is exposed.

It happens to councils and police forces in the UK, who accidentally release citizens’ personally identifiable information into the public domain.

Suffolk Police apologies after publishing highly sensitive information on its website – UPDATED

Bedfordshire Council is sorry – well that’s OK then! Advice on CIA, AAA and Policies and Procedures – Smart Thinking Solutions

Remember, once the confidential information is on the internet, no matter how sincere your apology is, it is next to impossible to delete it. You may fix the original leak, but you do not know who copied that data and what they plan to do with it.

What should you do?

Here are two quick things I always start with when working with clients:

  • I check who has access to what information. It is an unusual case if we DO NOT find that highly sensitive data is available to people who have no need of it in their daily duties. Most times it is an easy fix to correct this.
  • I check that the team has been trained in the organisation’s policy on sharing information marked as sensitive, with the line manager responsible for controlling that information. A simple written policy is not sufficient.

Act now before you let slip something you need to keep secret.

Want to know more?
