Story image

News Corp's email bungle a harsh lesson in data privacy

04 Dec 2018

News Corp Australia certainly found itself on the receiving end of the media spotlight again last week, after a staff member accidentally sent a confidential email to 157 employees. That email shared details of redundancy payouts and salaries relating to the firm’s fsenior staff who have either left the firm or are leaving.

The bungle, which News Corp claims was due to ‘human error’, demonstrates just how damaging those errors can be – especially at a time when its employees are already facing the prospect of losing their jobs.

The email shared details of a $210,000 redundancy entitlement to The Australian’s contributing economics editor Judith Sloan, as well as her $357,000 salary. Three other senior employees would also get payouts worth a combined total of $427,000.

According to Egress Software Technologies CEO Tony Pepper, the incident highlights just how much of a negative impact such ‘human errors’ can have on staff – particularly when they show someone else’s salary.

"Taking a user-centric approach will ensure that every employee is as security savvy as they need to be, through education on how to correctly handle sensitive information. While it appears that this data was shared accidentally internally, it emphasises how much of a negative impact it could have on staff, especially when someone else’s financial information has been revealed,” says Pepper.

"It also highlights the need for organisations to prioritise accidental – and malicious – insider threats, in addition to the risk of outsiders obtaining information. Both present real risks to internal security, but internal threats have perhaps been fundamentally underestimated.

"In the UK, this has been supported by the most recent report from the Information Commissioner’s Office (ICO) into reported data security incidents, and how they were caused. Drilling into the statistics, it revealed that most data breach incidents are down to people, processes and inadequate policies. These frequently involve internal users making mistakes, including the incorrect disclosure of data. This accounted for 62% of all data breach incidents that occurred between July and September 2018.

"The user is the only constant across all information systems and technology, so comprehensive data security needs to surround the user, providing the tools they need to protect sensitive information on a day-to-day basis, in a simple, easy to use way. Traditional solutions to prevent data breaches can’t stop someone from accidentally sending an email to the wrong recipients.

"Therefore, organisations should prioritise providing education and awareness for staff, whilst also making sure users have the technology in place, such as A.I. and Machine Learning (ML). These smart technologies can now recognise email patterns and highlight anomalies; in this case, preventing the user emailing over 150 employees in one email.

"This level of support will help to not only mitigate the risks of accidentally or maliciously sharing data but help to better secure and control access to confidential information,” Pepper concludes.

Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.
How CIOs can work with colleagues to drive new competitive advantages
"If recent history has taught us anything, it’s that the role of the CIO is always changing, and that it won’t stop changing anytime soon."