A £4,400,000 fine for complacency towards cybersecurity has been issued to Interserve, a construction company based in Berkshire.
The personal data of 113 thousand employees was exposed to hackers through a phishing email, as the company failed to put in place appropriate measures to prevent a cyber attack.
The compromised data included personal information such as contact details, national insurance numbers and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation and health information.
The fine was issued by the Information Commissioner’s Office, which is the UK’s independent regulator for data protection and information rights law. They identified that many areas of Interserve’s cybersecurity practices fell short of the legal standard of care required, including:
- Using outdated operating systems;
- Inadequate protection at the endpoint;
- No evidence of penetration testing in the past two years;
- A lack of information security training for employees; and
- Inadequate incident investigation by the information security team
John Edwards, the UK’s Information Commissioner, commented:
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.
“Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”
Are you being complacent towards cybersecurity? We recommend reviewing your cybersecurity policy to make sure you are doing all you can to protect the data of your employees and customers.
To help businesses understand the risks of cyber attacks, we are offering a free assessment of your IT estate. Our engineers will analyse your network, identifying any vulnerabilities and making recommendations for any necessary enhancements. Book your free audit now. Just click the button below, select the IT Estate Audit from the dropdown, and choose your preferred date.