Very recently, a data breach was reported at the National Lottery Community Fund, but at the time few details were made available.
It has now been revealed that the data breach was due to 2 unencrypted disks being identified as missing from a secure, access-controller area. NLCF are unable to confirm if the disks have been lost, stolen or destroyed.
So what can we all learn from this? Perhaps:
- Have a clear policy on the use (or not!) of unencrypted storage devices (disks, USB stocks, removable drives, etc)
- Support this policy with staff training and regular awareness raising
- Make sure the policies and training include third parties with access to secure areas, e.g. external IT providers
- Consider Cyber Essentials or another IT security accreditation
If this raises issues for you and your organisation, remember you can book a free 20-minute insight call most Fridays to talk through this or any other issue. You can book online here.