
ICO Reprimand: company suffered a ransomware attack
Recently the ICO reprimanded a company that suffered a ransomware attack. The attack resulted in a data breach - learning lessons from real-life incidents is a valuable way to promote knowledge sharing and improve.
Key points to take from the reprimand are:
The report also notes that the company held personal data for longer than was necessary and that there were not appropriate organisational measures in place to ensure confidentiality and integrity of their systems.
View the full reprimand details here: ICO Reprimand Optionis Group Limited
We would advise all organisations however large or small to have these security measures in place as a step to being cyber resilient.
Our Knowledge Bank covers all of the above and more:
{article title="October is Cyber Security Awareness Month: 14. Access Control (MFA)"}[link][title][/link]
[readmore]{/article}
Records Management Best Practice Area
pdf DPE Model Bring Your Own Device Policy
(15 KB) Information & Cyber Security Best Practice Area
Review our Cyber Security Checklist (you will need a DPE subscription to be able to view):
{module title="Checklist: Cyber Security"}
{module title="Cyber Attack Advice"}
Key points to take from the reprimand are:
- Lack of multi-factor authentication
- Inadequate account lockout policy
- No clear Bring your own device policy
- Implementing a comprehensive set of policies
The report also notes that the company held personal data for longer than was necessary and that there were not appropriate organisational measures in place to ensure confidentiality and integrity of their systems.
View the full reprimand details here: ICO Reprimand Optionis Group Limited
We would advise all organisations however large or small to have these security measures in place as a step to being cyber resilient.
Our Knowledge Bank covers all of the above and more:
{article title="October is Cyber Security Awareness Month: 14. Access Control (MFA)"}[link][title][/link]
[readmore]{/article}
Records Management Best Practice Area
pdf DPE Model Bring Your Own Device Policy
(15 KB) Information & Cyber Security Best Practice Area
Review our Cyber Security Checklist (you will need a DPE subscription to be able to view):
{module title="Checklist: Cyber Security"}
{module title="Cyber Attack Advice"}