The FCA was left red-faced last week when it admitted to the accidental publishing of personally identifiable information on their website following a Freedom of Information request last year.
However, the irony is that the breach involved 1600 individuals who made complaints against the FCA between 2 January 2018 and 17 July 2019.
This also comes after they published a joint statement with the ICO, warning insolvency practitioners and authorised firms to be “responsible with personal data”.
It was the face-palm felt across the whole industry, but it also highlights the stark reality that no one is safe from a data breach, not even the regulators.
The FCA has since come out to say that the breach was a “mistake” and they have “undertaken a full review to identify the extent of any information that may have been accessible” as well as referring themselves to the Information Commissioners Office.
What is more alarming is the fact that the regulator only noticed the mistake three months after the fact.
Human error is arguably the biggest cyber-risk to an organisation and building a strong data culture will not remove the risk, but it can certainly minimise it and the potential damage caused. Setting out clear policies as to where data sits within the organisation, what it’s used for and who is managing it, is essential in making sure employees are kept accountable, regardless of their position within the business.
Francis Gaffney, Director of Threat Intelligence at Mimecast told Computer Business Review that organisations “must have a detailed and well-thought-out plan in place for any cyber incident to ensure any mitigation is as effective as possible. This plan needs to be tested regularly, carrying out various likely and impactful scenarios to keep the process well-oiled and efficient”.
Understanding the vulnerabilities in your system and embedding a strong data culture is your first line of defence against potential attacks or breaches. As technology expands and hackers become increasingly sophisticated, there must be no room for negligence within organisations.
With data protection and cyber-crime being one of the fastest growing industries in 2019, businesses are responding to the increasing threat by investing in their own defences and building strong data frameworks, within their organisation.
Building strong Business Resilience and Disaster Recovery programmes within privacy teams allows firms to minimise, not only the prospect of, but also the impact of cyber-crime and data breaches which has become the biggest threat to industry in 2020.
FourthLine are actively working with clients across industries, from the Finance sector to Retail, to help them build and establish robust Data Protection frameworks from the ground up.
If you are looking to improve your organisation's ability to minimise and control data privacy and security risks, our Risk and Security team at FourthLine can help.
Schedule a call with our Senior Consultant James Carter to find out how our expertise can help you identify, reduce and manage security risks.
How FourthLine can help:
FourthLine is working with a number of financial service firms to help them with Operational Resilience enablement and Outsourcing and 3rd-Party Risk Management, through a mixture of end-to-end consulting and resourcing options.
