‘Biggest cyber risk is complacency, not hackers’ – UK Information Commissioner issues warning as construction company fined £4.4 million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber-attack by ignoring crucial measures like updating software and training staff.
cyber

The UK Information Commissioner has warned that companies are leaving themselves open to cyber-attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

An Interserve employee forwarded a phishing email, which was not quarantined or blocked by the Interserve’s system, to another employee who opened it and downloaded its content. This resulted in the installation of malware onto the employee’s workstation.

The company’s anti-virus quarantined the malware and sent an alert, but Interserve failed to thoroughly investigate the suspicious activity. If they had done so, Interserve would have found that the attacker still had access to the company’s systems.

The attacker subsequently compromised 283 systems and 16 accounts, as well as uninstalling the company’s anti-virus solution. Personal data of up to 113,000 current and former employees was encrypted and rendered unavailable.

To better safeguard people’s data, organisations must regularly monitor for suspicious activity and investigate any initial warnings; update software and remove outdated or unused platforms; update policies and secure data management systems; provide regular staff training; and, encourage secure passwords and multi-factor authentication.

Read more

Latest News

Read More

Untapping the potential of diversity

26 November 2024

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of Greenwich – HRSalary: £45,163 to £55,295 per annum, plus £5400 London weighting pro rata per annum This provides summary information and comment on

Universities UK – Human ResourcesSalary: £21,441 to £24,474 per annum pro rata, dependant on experience This provides summary information and comment on the subject areas

Derby College GroupSalary: £39,748 per annum, pro rata (actual salary £32,229) This provides summary information and comment on the subject areas covered. Where employment tribunal

University of Oxford – NDM HR Centres of ExcellenceSalary: £34,982 to £40,855 per annum (pro rata) – Grade 6 This provides summary information and comment

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE