Story image

News Corp's email bungle a harsh lesson in data privacy

04 Dec 2018

News Corp Australia certainly found itself on the receiving end of the media spotlight again last week, after a staff member accidentally sent a confidential email to 157 employees. That email shared details of redundancy payouts and salaries relating to the firm’s fsenior staff who have either left the firm or are leaving.

The bungle, which News Corp claims was due to ‘human error’, demonstrates just how damaging those errors can be – especially at a time when its employees are already facing the prospect of losing their jobs.

The email shared details of a $210,000 redundancy entitlement to The Australian’s contributing economics editor Judith Sloan, as well as her $357,000 salary. Three other senior employees would also get payouts worth a combined total of $427,000.

According to Egress Software Technologies CEO Tony Pepper, the incident highlights just how much of a negative impact such ‘human errors’ can have on staff – particularly when they show someone else’s salary.

"Taking a user-centric approach will ensure that every employee is as security savvy as they need to be, through education on how to correctly handle sensitive information. While it appears that this data was shared accidentally internally, it emphasises how much of a negative impact it could have on staff, especially when someone else’s financial information has been revealed,” says Pepper.

"It also highlights the need for organisations to prioritise accidental – and malicious – insider threats, in addition to the risk of outsiders obtaining information. Both present real risks to internal security, but internal threats have perhaps been fundamentally underestimated.

"In the UK, this has been supported by the most recent report from the Information Commissioner’s Office (ICO) into reported data security incidents, and how they were caused. Drilling into the statistics, it revealed that most data breach incidents are down to people, processes and inadequate policies. These frequently involve internal users making mistakes, including the incorrect disclosure of data. This accounted for 62% of all data breach incidents that occurred between July and September 2018.

"The user is the only constant across all information systems and technology, so comprehensive data security needs to surround the user, providing the tools they need to protect sensitive information on a day-to-day basis, in a simple, easy to use way. Traditional solutions to prevent data breaches can’t stop someone from accidentally sending an email to the wrong recipients.

"Therefore, organisations should prioritise providing education and awareness for staff, whilst also making sure users have the technology in place, such as A.I. and Machine Learning (ML). These smart technologies can now recognise email patterns and highlight anomalies; in this case, preventing the user emailing over 150 employees in one email.

"This level of support will help to not only mitigate the risks of accidentally or maliciously sharing data but help to better secure and control access to confidential information,” Pepper concludes.

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.