SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
News Corp's email bungle a harsh lesson in data privacy
Tue, 4th Dec 2018
FYI, this story is more than a year old

News Corp Australia certainly found itself on the receiving end of the media spotlight again last week, after a staff member accidentally sent a confidential email to 157 employees. That email shared details of redundancy payouts and salaries relating to the firm's fsenior staff who have either left the firm or are leaving.

The bungle, which News Corp claims was due to ‘human error', demonstrates just how damaging those errors can be – especially at a time when its employees are already facing the prospect of losing their jobs.

The email shared details of a $210,000 redundancy entitlement to The Australian's contributing economics editor Judith Sloan, as well as her $357,000 salary. Three other senior employees would also get payouts worth a combined total of $427,000.

According to Egress Software Technologies CEO Tony Pepper, the incident highlights just how much of a negative impact such ‘human errors' can have on staff – particularly when they show someone else's salary.

"Taking a user-centric approach will ensure that every employee is as security savvy as they need to be, through education on how to correctly handle sensitive information. While it appears that this data was shared accidentally internally, it emphasises how much of a negative impact it could have on staff, especially when someone else's financial information has been revealed,” says Pepper.

"It also highlights the need for organisations to prioritise accidental – and malicious – insider threats, in addition to the risk of outsiders obtaining information. Both present real risks to internal security, but internal threats have perhaps been fundamentally underestimated.

"In the UK, this has been supported by the most recent report from the Information Commissioner's Office (ICO) into reported data security incidents, and how they were caused. Drilling into the statistics, it revealed that most data breach incidents are down to people, processes and inadequate policies. These frequently involve internal users making mistakes, including the incorrect disclosure of data. This accounted for 62% of all data breach incidents that occurred between July and September 2018.

"The user is the only constant across all information systems and technology, so comprehensive data security needs to surround the user, providing the tools they need to protect sensitive information on a day-to-day basis, in a simple, easy to use way. Traditional solutions to prevent data breaches can't stop someone from accidentally sending an email to the wrong recipients.

"Therefore, organisations should prioritise providing education and awareness for staff, whilst also making sure users have the technology in place, such as A.I. and Machine learning (ML). These smart technologies can now recognise email patterns and highlight anomalies; in this case, preventing the user emailing over 150 employees in one email.

"This level of support will help to not only mitigate the risks of accidentally or maliciously sharing data but help to better secure and control access to confidential information,” Pepper concludes.