Spoiler alert; it’s a trick question.
Unfortunately for recruitment portal provider, PageUp People, this week they lost both.
We mentioned in a previous blog how losing data affects much more than just the people whose data has gone walkies; it severely affects the public perception of the business that allowed the breach to occur.
This week you will most likely have read about the significant data breach which affected PageUp People, in articles written by The Examiner in Tasmania as well as CRN on a national scale. Essentially, PageUp People are a software as a service (SaaS) provider who provide a job application portal for some of the nation’s largest companies, such as Telstra, Coles, Auspost and Medibank. It has unfortunately emerged this week that the software was infected by malware and thousands of job applicants’ data was left exposed.
Of course, as we mentioned in previous posts, due to updated GDPR legislation it has become mandatory for breaches to be reported, which in turn has led to businesses exposing their poor cyber security policies to the world.
As a direct result of this breach, several high-profile businesses have already chosen to cut their ties with PageUp People, a move which is sure to have immediate financial implications for the business. More important, however, is the damage to the business’s reputation, which is sure to prove a major hurdle to overcome if they are to obtain new, large business clients.
Make no mistake, a breach like this can (and often will) happen to businesses who act as a conduit or 3rd party provider for large businesses. It’s commonly known that a huge percentage of data breaches actually occur in the form of malware infections which enter the ‘mother’ business’s network via a ‘child’ business that has an inferior cyber protection system.
So, if we managed the IT infrastructure for the ‘mother’ businesses, what would we do?
- Verify that the child business which they are engaging has the correct cyber security posture for your business and can demonstrate it.
- Ensure that their own cyber protection policy is adequate.
- Be VERY selective with regard to the data which they require from customers – think: do we really need to obtain so much data from a job applicant at the very first stage of recruitment?
And what would we have advised for the ‘child’ or 3rd party business (PageUp People) in this instance?
- As they have access to high volumes of important data, it is absolutely essential that they have a business-grade cyber security solution that has the correct risk profile for their business.
- Choose industry-best products and software to keep the business’s data safe. This would include considering how much of the data was required to be actively held and how much could be stored securely in cloud storage solutions and then called upon ONLY when required.
- Run regular ‘penetration tests’ to highlight, isolate and improve on weaknesses in their network.
If you are a business that uses 3rd party software providers, then we urge you to follow our advice and ensure that your network is as secure as possible. Please engage Anderson Morgan to review your current infrastructure and make recommendations to help you avoid becoming the next PageUp People.