Newsletter - August 2023

We've observed a number of data breaches over the last month.

First, there was the incident with the Electoral Commission, where data from its registers was unfortunately stolen. Then, data was leaked from various police forces, and there have been rumors of similar occurrences elsewhere. These incidents follow other major breaches in prior months, such as the Capita ransomware attack and data breach, as well as the concerning hacking of Microsoft's private encryption keys.

It would be easy to focus solely on the negative aspects of these breaches and point out the flaws that led to them. Some of these incidents resulted from human errors, such as inadvertently sending sensitive data that shouldn't have been included. Others have been labeled as 'more sophisticated,' but I'm sure a detailed analysis would reveal vulnerabilities in some unpatched or exposed systems at the core of these issues.

At what point do we acknowledge that the approaches many of us have in place aren't entirely effective at protecting the individual?

When an organization loses data, they can face fines, offer apologies, and strive to improve. They usually carry on. But when my data is leaked, what real recourse do I have as an individual? I can complain, but my data has gone. Lost. There's often little I can do to change the situation. So while organizations endure the short-term consequences of data breaches, it's individuals and families who bear the long-lasting impact.

I don't have all the answers here, I'm afraid. I just worry that the evidence suggests that our current approach may not be as effective as it needs to be.

 

Also this month...

How to perform a security risk assessment.

A security risk assessment could be the worst thing you ever do. Trying to list things that could go wrong can be intimidating, and leave you either terrified or too numb to improve.

To find out more, click here: How to perform a security risk assessment. – Reconfort

 

How to write a security policy.

An information security policy is important. But what is it, and what should be included?

In its simplest form, your policy contains the rules for your organisation around information security. It's a way of your Board setting expectations for others to implement.

The content of these rules can depend on your industry and applicable regulation.

Read more here: How to write an information security policy. – Reconfort
