Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Breach Case 12: Preparing to fail by failing to prepare Neil Sanson
8 June 2020 at 15:55

computer security padlock hacker hacking theft thief keyboard cyber

We sometimes hear stories about individuals losing their entire photo library after their home is burgled. Failing to keep an offsite backup of important information can be a huge risk for organisations or individuals.

A recent data breach incident at a New Zealand law firm provided an example of how professionals can also get into great strife if they do not have secure back-ups of their work.

The firm in question was burgled, and their computers were taken. They had relied on the physical security of their building to protect their data and had no off-site back-ups of critical files. An external hard drive with backups of all the data was stored on-site and was also stolen. The data was not encrypted.

The importance of securing your data

For ordinary business records, a total loss of data is bad enough. But when an organisation loses files containing sensitive personal information about clients, this has potential to cause serious harm to many people. A comprehensive and robust approach to encryption across the law firm would have been reasonable protection and would have substantially reduced the risk to the firm.

Whether the threat is a burglar targeting electronic gear, a fire, or a building condemned for earthquake damage, having a secure off-site back-up mitigates the risk of loss.

Another good reason for making sure you have a good back-up system is ransomware. Having a set of back-ups will make getting back up and running much easier.

For more information

CERT NZ provide good advice for businesses, including advice on backups here.

We regularly get data breach notifications and we will continue to share the lessons to be learned from these. If you want to know more about data breaches, please check out our data safety toolkit.

 

Back