Don’t make the same mistake
After the normal fines for spam emails and ignoring the TPS, the ICO had a more “interesting” breach of data protection to investigate.
Interserve Limited, the parent company for a group of construction companies, has been hit with a £4.4 million fine after an employee opened a phishing email, allowing a hacker access to the personal data of 113,000 employees, including special category data.
Interserve failed to take appropriate security steps to protect personal data when they implemented working from home as a result of the pandemic. This meant the phishing email was not picked up by their secure email gateway, which had been designed to restrict access by employees to malicious sites.
The employee downloaded a zip file from the email, which meant the hacker could compromise 283 systems and 16 accounts, uninstall anti-virus software and encrypt 4 HR databases, making them unavailable!
The pandemic caused a lot of companies to implement working at home, and for some, this meant the business survived. But any change needs planning and careful thought to ensure it still protects your business and your employees.
Interserve is an extreme example of what can happen if you fail to properly deal with changes in your business, so if you’re considering any changes to the way you do things and want to make sure you don’t miss any consequences…