Sage Data Breach 2016: what you need to know
Sage – one of the UK’s leading accounting & payroll software providers has confirmed that bank, salary & personal data relating to employees of about 280 UK firms was compromised in the last few weeks.
The exact details & scope of the compromise are yet unclear as the incident is being investigated by the police, but it is possible that personal financial data including bank details of thousands of people may have been stolen in the attack.
Sage has confirmed that the breach occurred using an ‘internal’ login.
What should you do?
The scope of this answer is a full IT security audit, but there are a few quick things you can do to improve your security. You could start by reviewing our general internet safety tips.
If you are a Sage customer – contact Sage to check whether your account & data is at risk.
Monitor your bank accounts for suspicious activity. Set up account alerts to be delivered to you by SMS or email if your bank provides this facility.
Ensure that you have implement good security within your own business – ensure that you have up to date anti-malware on your computers that is monitored by your security team (or an outsourced IT security provider) for breaches and attacks.
Ensure that your network is protected by a perimeter firewall that is monitored for attacks.
Have your network security reviewed by reliable IT professionals.
Implement a secure Identity & Access Management solution.
Ensure that your employee access rights are set up correctly and audited regularly – staff access rights should be limited to what they need to access, and nothing more. Also ensure that all user accounts are audited regularly and disabled and removed when not in use. Most organisations have a fairly good ‘new starter’ policy and frequently have a very poor policy for what to do when an employee leaves, and this is a common source of data breaches. Ensure that account access is restricted & terminated promptly and that you have a well-documented policy to cover this.
Have secure passwords & multi-factor authentication.
Monitor all your systems for anomalous behaviour & access.
Incident response: even with the best security planning & execution, things can still go wrong. Ensure that your staff know how to deal with a suspected breach or compromise. All of this would be part of a solid InfoSec Policy.
This list could go on & on but our main recommendation is that you think about Information Security BEFORE you have an expensive, reputation-damaging & potentially disastrous data breach – don’t become a statistic!