Cyberattacks are still big business and on the rise. Despite substantial increases in cybersecurity spending, many businesses aren’t taking enough action to mitigate their risks. While a significant data breach in itself is a scary concept, the costs of inaction and the subsequent charges associated with investigations, penalty fines and reputational damage should worry you even more.
Interserve Fined £4.4m for Failing to Prevent Employee Data Breach
In October 2022, the Information Commissioner’s Office (ICO), Britain’s data regulator, fined Interserve Group £4.4m for failing to put appropriate security measures in place to prevent a cyber-attack. The Berkshire-based infrastructure and professional services company experienced a data breach that exposed the personal and financial information of up to 113,000 employees. When applying the penalty, the ICO said that Interserve broke data protection law and failed to put appropriate technical and organizational measures in place to prevent unauthorized access to the information. The consequences of this data breach are a firm reminder that businesses need to make data security a priority, implement appropriate staff training and follow up on security alerts.
Interserve’s Data Breach Examined
Interserve’s data breach occurred when an employee received a phishing email and forwarded the message to another employee who downloaded the contents. This resulted in malware being installed onto that employee’s workstation. The attacker was then able to compromise 283 systems and 16 accounts at Interserve, as well as disable the company’s anti-virus solution. The attacker gained access to the personal data of up to 113,000 current and former employees.
This data included personally identifiable information (PII) such as contact details, national insurance numbers, and bank account details, as well as special category data such as ethnicity, religion, details of disabilities, sexual orientation, and personal health information. According to John Edwards, the UK Information Commissioner, this breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to identity theft and financial fraud. The attacker then encrypted the employees’ information and rendered it unavailable to the organization.
During their investigation, the ICO found that Interserve’s anti-virus software had quarantined the malware and sent an alert, but the company failed to thoroughly investigate the suspicious activity. They also found that Interserve was using outdated software systems and protocols and had inadequate staff training and insufficient risk assessments, which ultimately left them vulnerable to this cyber-attack.
Edwards gave a firm warning to other companies, saying: “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.”
How Do Businesses Avoid a Data Breach Like This?
Cybersecurity is a long-term investment. It is not a quick fix that can simply be solved with investment in security software. Data protection requires a measured approach that assesses and blocks the gaps in your security posture. Businesses should also implement good data handling practices, such as Zero Trust data access policies and employee training.
While we don’t know what security processes Interserve had in place at the time of the breach, we do know that they failed to adequately raise staff awareness of cybersecurity risks and did not appropriately follow up on security alerts and notifications. Interserve may have even had a solid role-based access policy, ensuring that only privileged users had access to sensitive employee data. But that security was ineffective as soon as one of their privileged user accounts became compromised.
A data breach like this could have been avoided with just a handful of risks being addressed. The questions that any organization needs to ask itself include:
- Where is sensitive information stored?
- Is this sensitive information appropriately protected?
- Who has access to these files and folders?
- Who is accessing, modifying, or removing the sensitive files?
- Are we reviewing security incident alerts and reports?
Using NC Protect to Protect Sensitive Data
NC Protect can help organizations that cannot readily answer these questions. NC Protect can identify sensitive data assets and protect those files with a combination of encryption and a robust attribute-based access policy that considers not only the user’s role within an organization, but also the context under which they are accessing the sensitive data. The product audits user activity, such as file read, write, save and delete actions, and failed access attempts.
NC Protect can also be implemented without significantly changing the way your users access their data. It augments traditional data security by acting as an additional layer of protection between the user and the data. There is no additional software to install on your devices, no need to move files to a new platform, or any requirement to change user permissions. NC Protect is simple to set up, quick to deploy and adaptable to organizations of various sizes and complexities.
NC Protect supports a broad scope of Microsoft content management and collaboration platforms, including Microsoft 365, SharePoint Online, Teams, OneDrive and Exchange, as well as on-premises data stored on File Servers and SharePoint. With broad coverage of data repositories and supported files, NC Protect can reduce administrative overhead too. A single security policy can enforce the protection of sensitive data across multiple applications, file formats and access scenarios.
Avoid Data Security Complacency with these Five Simple Steps
Step 1: Identify Sensitive Information
The first step with any cybersecurity strategy is to identify where your most sensitive data files reside. This may be based on the file location, such as in an HR folder, or could be based on the contents of the file itself. NC Protect can scan a range of documents and images (Word, Excel, PowerPoint, PDF, TXT, CSV, CAD Files, PNG, TIFF, JPEG, etc.) to discover which ones contain sensitive information. It can then automatically classify the file based on the sensitivity level of its contents.
Step 2: Restrict Access to Sensitive Information
Once the sensitivity of the information has been established and documents are classified appropriately, you need to put policies in place to restrict access to the information accordingly. NC Protect does this dynamically using fine-grained attribute-based access control (ABAC) policies. NC Protect policies can offer different actions depending on the state of the user, their environment and the sensitivity of the data. The policy enforcement not only prevents access but can also apply file-level protection. For example, an HR user may be authorized to access employee files, but only when they are using an authorized workstation, attached to the company network, during office hours. If the user does not meet these requirements, they will not see the protected files, because NC Protect dynamically trims the view for the user. There are no ‘access denied’ messages, and a potential attacker isn’t inclined to bypass the security controls in place, as they can’t breach what they can’t see.
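The HR example above can be expressed as a small attribute-based check with view trimming. This is an added illustration, not NC Protect code or its policy format; the network range, office hours, workstation names, users and file paths are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed environment values, constructed for this example.
CORP_NET = ip_network("10.20.0.0/16")
OFFICE_HOURS = (time(9, 0), time(17, 30))
AUTHORIZED_WORKSTATIONS = {"HR-WS-014", "HR-WS-015"}

@dataclass(frozen=True)
class Context:
    user: str
    department: str
    device_id: str
    source_ip: str
    when: datetime

@dataclass(frozen=True)
class File:
    path: str
    classification: str      # "internal" or "sensitive"
    owner_department: str

def environment_ok(ctx: Context) -> bool:
    """Authorized workstation, on the company network, during office hours."""
    on_network = ip_address(ctx.source_ip) in CORP_NET
    weekday = ctx.when.weekday() < 5
    in_hours = OFFICE_HOURS[0] <= ctx.when.time() <= OFFICE_HOURS[1]
    return ctx.device_id in AUTHORIZED_WORKSTATIONS and on_network and weekday and in_hours

def is_permitted(ctx: Context, f: File) -> bool:
    # Non-sensitive files follow ordinary permissions (assumed allowed here).
    if f.classification != "sensitive":
        return True
    # Sensitive files need the right role AND the right context.
    return ctx.department == f.owner_department and environment_ok(ctx)

def trimmed_listing(ctx: Context, files: list[File]) -> list[str]:
    """Return only the paths the caller may see; denied files are omitted, not errored."""
    return [f.path for f in files if is_permitted(ctx, f)]

FILES = [  # constructed sample data
    File("/HR/handbook.pdf", "internal", "HR"),
    File("/HR/payroll/2022-10.xlsx", "sensitive", "HR"),
]
AT_DESK = Context("jsmith", "HR", "HR-WS-014", "10.20.4.17", datetime(2022, 10, 24, 10, 30))
COMPROMISED = Context("jsmith", "HR", "UNKNOWN-PC", "203.0.113.50", datetime(2022, 10, 22, 2, 0))
```

The same HR account sees the payroll file from `AT_DESK` but not from `COMPROMISED`, which is the point made earlier about role-based access alone failing once a privileged account is taken over.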
Step 3: Protect Data at Rest
You should also look to prevent unauthorized access from overprivileged users, such as administrators, who may be permitted to manage shared files and folders but should be restricted from opening and viewing their content. NC Protect can also encrypt data at rest, so as a sensitive file is saved or uploaded to the HR folder, it is automatically encrypted. The sensitive contents of the file are then scrambled and only visible to authorized users that match the NC Protect policy.
Step 4: Permissions Review
You should also regularly audit user permissions and access as users and roles can frequently change. Use NC Protect to run a permissions map scan to determine who has access to your Files, Folders and Site Collections. The results can be exported and sorted for review based on permissions by File, by User and by Guest access.
Step 5: Audit User Activities for Compliance
Finally, you should be sure to log access to all sensitive information to aid in compliance reporting and forensics, if needed. In addition to locating and classifying all sensitive and confidential information on-premises and in the Cloud, NC Protect also audits all access attempts to sensitive data for compliance. Activity can be reviewed in the administration console or exported and reviewed externally. NC Protect also integrates with Microsoft Sentinel and Splunk, where this audit data can be used to configure alerts whenever unusual activity is detected. For example, if an attacker were to start encrypting employee files, a real-time alert can be triggered as soon as a few files have been modified in a short space of time.
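The alert described above (several files modified in a short space of time) reduces to a per-user sliding window over audit events. This is an added sketch, not NC Protect, Sentinel or Splunk code; the event tuple layout, the 60-second window, the five-file threshold and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)        # assumed detection window
THRESHOLD = 5                         # assumed: distinct files modified per window
MODIFY_ACTIONS = {"write", "save", "delete"}

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """events: (timestamp, user, action, path) tuples sorted by timestamp.
    Returns one alert per burst, raised when the threshold is first crossed."""
    recent = defaultdict(deque)       # user -> (timestamp, path) inside the window
    alerting = set()                  # users currently above the threshold
    alerts = []
    for ts, user, action, path in events:
        if action not in MODIFY_ACTIONS:
            continue                  # reads do not count toward the burst
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()               # drop events older than the window
        distinct = {p for _, p in q}
        if len(distinct) >= threshold:
            if user not in alerting:  # suppress repeat alerts for the same burst
                alerting.add(user)
                alerts.append({"user": user, "at": ts, "files": len(distinct)})
        else:
            alerting.discard(user)
    return alerts

def sample_events():
    """Constructed audit trail: one account rewriting six HR files in ten seconds,
    and one user doing ordinary work."""
    base = datetime(2022, 10, 24, 2, 14, 0)
    burst = [(base + timedelta(seconds=2 * i), "svc_hr", "write",
              f"/HR/payroll/emp_{i:03}.xlsx") for i in range(6)]
    normal = [
        (base, "alice", "write", "/HR/handbook.docx"),
        (base + timedelta(seconds=30), "alice", "read", "/HR/payroll/emp_001.xlsx"),
        (base + timedelta(minutes=10), "alice", "save", "/HR/rota.xlsx"),
    ]
    return sorted(burst + normal)
```

Counting distinct paths rather than raw events keeps repeated saves of one document from tripping the alert.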
Get Proactive Data Breach Prevention
Discover how to leverage NC Protect for dynamic data discovery and classification, applying real-time ABAC protection and encryption, and auditing permissions and user activity to proactively protect sensitive information in Microsoft 365, SharePoint Server and File Shares.