Comment on University of York data breach
July 2020 by Jeremy Hendy, CEO at Skurio
Following the news around the University of York disclosing a data breach caused by a third party supplier, American firm Blackbaud – Jeremy Hendy, CEO at Skurio comment:
“Breaches often happen through a security failure at a supply chain partner, three or four levels removed from your own organisation. Universities have complex digital ecosystems, with student and staff data potentially flowing through thousands of different technologies – many of which may not be visible. No matter how good your own network security, someone else may lose your data and bad actors are ready to exploit this, that’s why you need to be securing your data, not just your network.
All organisations in a digital supply chain are generally businesses with their own supply chain – it is critical that they enforce security standards with their own suppliers, require ISO certification, set mandatory requirements for data processing. In particular, after the recent European Court of Justice ruling, organisations should be more vigilant with any suppliers relying on the European Privacy Shield as a protective standard”