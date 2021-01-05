Comment: Hackney council files including alleged passport documents leaked online after cyber

“Once a data breach has occurred, and the data has been exfiltrated, no amount of ransom payment can guarantee that all copies of the data will be securely destroyed. For this reason it is critical that all organisations invest appropriately in their cyber defences and wherever possible that they have their approach validated by trusted independent third parties.

As well as technical controls, such as next-generation anti-malware and web access security solutions, it is critical to ensure that staff are properly trained to prevent breaches, and that their skills are regularly tested. Secure and trusted backups of course are also essential for recovery against a ransomware attack, but unfortunately that would not help in the case of a release of stolen data.

Understanding the criticality and sensitivity of all organisational data is key, and different data types, locations and classifications should be protected appropriately, with more investment and protection being put in place to protect the most sensitive data within the organisation. Regular reviews need to be made to keep on top of this situation, as data locations, types and flows are constantly changing in any modern organisation.”