Lessons for employers following major data breach

-

A recent data breach at several major firms has left tens of thousands of employees’ personal data exposed to hackers, including contact and bank details.

The breach occurred, in basic terms, via a third-party software vulnerability—which can also be referred to as a supply chain attack.

The software produced by Progress Software (MoveIT) had a ‘Zero Day Vulnerability’ (a vulnerability that has no current mitigation or fix available from the vendor) which was exploited by a suspected Russian-speaking malicious threat actor; Clop. They used the vulnerability to deploy ransomware on several organisations including the BBC, British Airways, Aer Lingus, and Boots.

Alastair Brown, Chief Technical Officer at BrightHR, explains how businesses can limit the risk of such breaches occurring within their workplaces:

“Defending against Zero Day threats can be a challenge. Knowledge is usually scarce given the ever-changing nature of hacker attacks, however, that doesn’t mean that they are impossible to defend against.

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

“Detection technologies are adaptable, self-learning, and consistently able to detect anomalies and odd behaviour within an environment, which can offer protection against Zero Days. Security vendors react extremely quickly to analyse threat information and release detection and mitigation steps to their customers. But in some cases, this could take 24-48 hours. So, businesses need to have some mitigating steps in place too.

“Employers should ensure they have a good knowledge of the Data Protection Act 2018 and what it means when handling personal data. Train employees on all aspects of data handling, how to identify the risk of a breach and ways to prevent data breaches from happening. Have processes in place requiring employees to notify of any possible data breaches so they can be addressed properly.

“Where a breach occurs, you will probably need to notify the data subjects as well as the ICO. This will be dependent upon the extent of risk caused to the data that has been breached.

“All businesses should have a robust and tested business continuity plan/disaster recovery plan in place, along with a proven and validated endpoint protection solution.

“The take-home message from this most recent attack is that whenever outsourcing any function, employers must ensure that the contracted company meets all their legal obligations and can evidence the robust measures they have in place to protect data.

“Carry out due diligence processes as part of the contracting process to ensure that the provider you choose is the best option. Ask to see the processes in practice. Ultimately, each employer is responsible for ensuring data compliance, so you need to be confident that suppliers are not compromising your business and putting your data at risk.”

Amelia Brand is the Editor for HRreview, and host of the HR in Review podcast series. With a Master’s degree in Legal and Political Theory, her particular interests within HR include employment law, DE&I, and wellbeing within the workplace. Prior to working with HRreview, Amelia was Sub-Editor of a magazine, and Editor of the Environmental Justice Project at University College London, writing and overseeing articles into UCL’s weekly newsletter. Her previous academic work has focused on philosophy, politics and law, with a special focus on how artificial intelligence will feature in the future.

Latest news

Jeanette Wheeler: Your transformation programmes are stalling on alignment, not budget

Most leaders assume their next big change programme will succeed or fail based on budget or the right technology. Those things are rarely what stops progress.

Return to the office ‘has not rebuilt workplace connections’

Research suggests increased office attendance has not restored workplace relationships, with many employees continuing to experience loneliness and disconnection.

Sheila Attwood on the cost-of-living squeeze

"Employers are under pressure to go further to support employee living standards."

NHS plans rewards for 30-minute daily walking challenge

New incentives are designed to encourage healthier habits and increase physical activity as part of England's 10-year health plan.
- Advertisement -

England’s overnight World Cup clash and 5am pub opening prompt CIPD advice

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

Must read

The future of the workplace must be lead by HR

Raj Krishnamurthy discusses the rise of active based working and how the future of the workplace must be lead by HR.  

David Freedman: Is service the new sales?

A recent study of senior sales and marketing executives...
- Advertisement -

You might also likeRELATED
Recommended to you