If not, it should and here’s why

As the days roll by it is becoming increasingly clear that the MOVEit vulnerability which was discovered earlier this month is having very, very far-reaching repercussions.

A growing list of UK companies have been affected by the cyberattack on payroll service provider Zellis, which occurred via one of its third-party suppliers (Moveit), this has resulted in hundreds of thousands of staff members at these organisations having their personal information posted on the dark web.

The hack was first made public when US-based firm Progress Software identified that hackers had discovered a method of breaking into its MOVEit Transfer tool, a widely used software which enables users to move files from one place to another.

Reporting on the news Bloomberg said: “the attack raises questions about exactly how many companies across the world’s information supply chains possess sensitive data about private citizens and how prepared their systems are to handle security breaches”.

This is a very valid concern as a mind-boggling amount of data is being passed around the globe through various supply chains. What organisations must recognise is that any movement of data carries a risk; and therefore understanding the data journey is critical in order to minimise this risk. What this breach shows us is that not enough people have sight of the data journey trusting in their suppliers that the data is ‘safe.’

It is for exactly this reason that we have moved so much of our software to the Cloud, where it is more secure and also cuts down on the dangers of data transfer.  For example, Clean Contacts sits within the Dynamics CRM environment, which is also part of the Microsoft eco-system – so data is only transferred temporarily within the secure Azure cloud.  The SwiftCore platform, also hosted in Azure, allows users to manage their data processing in a secure manner, as opposed to the traditional way of transferring Personally Identifiable Information (PII) from supplier to supplier. To find out more about this read our article about on-premise versus cloud based data security: https://www.thesoftwarebureau.com/on-prem-v-cloud-data-breaches-where-is-the-safest-place-for-your-data/

As new breaches come to light, an inevitable fall out from this will be an increased focus on data governance. A spotlight needs to be shone on the flow of an organisation’s data (everything from payroll through to data cleansing) and the risks need to be identified, categorised, and considered.

If you would like to speak to any of our experts about this latest breach and are concerned about your own data flow particularly in relation to hygiene, please do get in touch!