Story image

News Corp's email bungle a harsh lesson in data privacy

04 Dec 2018

News Corp Australia certainly found itself on the receiving end of the media spotlight again last week, after a staff member accidentally sent a confidential email to 157 employees. That email shared details of redundancy payouts and salaries relating to the firm’s fsenior staff who have either left the firm or are leaving.

The bungle, which News Corp claims was due to ‘human error’, demonstrates just how damaging those errors can be – especially at a time when its employees are already facing the prospect of losing their jobs.

The email shared details of a $210,000 redundancy entitlement to The Australian’s contributing economics editor Judith Sloan, as well as her $357,000 salary. Three other senior employees would also get payouts worth a combined total of $427,000.

According to Egress Software Technologies CEO Tony Pepper, the incident highlights just how much of a negative impact such ‘human errors’ can have on staff – particularly when they show someone else’s salary.

"Taking a user-centric approach will ensure that every employee is as security savvy as they need to be, through education on how to correctly handle sensitive information. While it appears that this data was shared accidentally internally, it emphasises how much of a negative impact it could have on staff, especially when someone else’s financial information has been revealed,” says Pepper.

"It also highlights the need for organisations to prioritise accidental – and malicious – insider threats, in addition to the risk of outsiders obtaining information. Both present real risks to internal security, but internal threats have perhaps been fundamentally underestimated.

"In the UK, this has been supported by the most recent report from the Information Commissioner’s Office (ICO) into reported data security incidents, and how they were caused. Drilling into the statistics, it revealed that most data breach incidents are down to people, processes and inadequate policies. These frequently involve internal users making mistakes, including the incorrect disclosure of data. This accounted for 62% of all data breach incidents that occurred between July and September 2018.

"The user is the only constant across all information systems and technology, so comprehensive data security needs to surround the user, providing the tools they need to protect sensitive information on a day-to-day basis, in a simple, easy to use way. Traditional solutions to prevent data breaches can’t stop someone from accidentally sending an email to the wrong recipients.

"Therefore, organisations should prioritise providing education and awareness for staff, whilst also making sure users have the technology in place, such as A.I. and Machine Learning (ML). These smart technologies can now recognise email patterns and highlight anomalies; in this case, preventing the user emailing over 150 employees in one email.

"This level of support will help to not only mitigate the risks of accidentally or maliciously sharing data but help to better secure and control access to confidential information,” Pepper concludes.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.