Recently the ICO reprimanded a company that suffered a ransomware attack.  The attack resulted in a data breach - learning lessons from real-life incidents is a valuable way to promote knowledge sharing and improve.

Key points to take from the reprimand are:

• Lack of multi-factor authentication
• Inadequate account lockout policy
• No clear Bring your own device policy
• Implementing a comprehensive set of policies

These are basic configurations/setups that are essentially free to implement and set up.  Had these controls been in place it could have significantly reduced the likelihood of a successful cyber attack.

The report also notes that the company held personal data for longer than was necessary and that there were not appropriate organisational measures in place to ensure confidentiality and integrity of their systems.

View the full reprimand details here:  ICO Reprimand Optionis Group Limited

We would advise all organisations however large or small to have these security measures in place as a step to being cyber resilient.

Our Knowledge Bank covers all of the above and more:
{article title="October is Cyber Security Awareness Month: 14. Access Control (MFA)"}[link][title][/link]
[readmore]{/article}
Records Management Best Practice Area
pdf DPE Model Bring Your Own Device Policy
(15 KB) Information & Cyber Security Best Practice Area
Review our Cyber Security Checklist (you will need a DPE subscription to be able to view):
{module title="Checklist: Cyber Security"}
{module title="Cyber Attack Advice"}