Weekly Cyber Update February 8th

Microsoft Azure Breach Leads to Student Data Exposure 

Researchers and Clario published a report which outlined how an open Microsoft Azure repository indexed by a public search engine which needed no authentication had been found.

Once found, due to there being no authentication process in place, the data it held would be easy to access.

As a result, the account details and personal information of British council students had been exposed. The personal data that has been exposed include full names, email addresses, student I.D numbers and enrolment details,

The British Council published the following statement:

“Upon becoming aware of this incident, where the data was held by a third-party supplier, the records in question were immediately secured, and we continue to look into the incident in order to ensure that all necessary measures are and remain in place.

“We have reported the incident to the appropriate regulatory authorities and will fully cooperate with any investigation or further actions required.”

The data subjects that have been victim to this breach have been notified, and informed that as a result they may be more exposed to phishing and email scams. If you have been victim to a data breach, the NCSC has published guidance on how you can protect yourself, which you can find here.


Research shows cyber risk from working from home

Working from home became commonplace as the Pandemic began in 2020, and has since been adopted by many organisations, and it appears that working from home will be employed beyond the pandemic. As more and more people are working from home, it’s important that we are aware of how we can best protect ourselves against cyber attacks.

Software provider DIligent have published a survey of 450 senior finance and risk professionals which shockingly found that UK businesses had lost £374 million in 2021 due to cyber breaches largely linked to working from home.

Of the people that responded to the survey, 64% had stated that their organisations had been victim to a cyberattack in the last 18 month, and 82% had stated that issues relating to tech, or behaviour linked to working from home was the cause. 75% said they had lost money as a result.

It’s vital therefore, that as we implement working from home as a long term working lifestyle that we become as aware and protected against cyber attacks at home, as we are in the office. Unique security protocols that are aligned with the risks associated with working from home need to similarly become commonplace, and the NCSC has published various resources which we can use to inform and outline the steps we can take going forward. The relevant resources will be linked below.

The NCSC’s Working from Home Guidance

‘Top Tips for Staff’ E-Learning training package


You can also assess your organisation’s defences against a cyber attacks linked to working from home by using their free Exercise in a Box Toolkit.