The Information Commissioner has claimed that many data breaches reported to his office are entirely “preventable”.
John Edwards, who has been in the role since the start of this year, said the data watchdog “has seen a 19% increase in reports of cybersecurity incidents involving personal data over the past two years”.
Many of these breaches would never have happened had the organization in question paid more attention to basic security measures, Edwards said. Employers and staff must play their part in ensuring the effectiveness of cybersecurity best practices.
“Our experience is that many problems are preventable and the first step is to get the basics right,” the commissioner added. “It’s not about doing it once and forgetting it. It is about creating a culture of vigilance. Our statistics show that a growing number of cyberattacks come from phishing, emails that seek to trick or persuade staff to share usernames and passwords. Measures such as multi-factor authentication are helpful here, but up-to-date staff training is essential to spot and report phishing attempts.”
The chief regulatory officer said there is a range of information available for organizations that want to improve their cyber posture. In particular, he cited the work of the National Cyber Security Centre.
“Cybersecurity can seem daunting, but it doesn’t have to be,” Edwards said. “There is a wealth of advice available, including our handy guide to keeping your IT systems secure, as well as information from the NCSC and [its] Cyber Essentials campaign.”
Edwards’ comments were made to AudienceTechnology sister post world of public service, who interviewed a range of industry experts on the biggest cyber threats facing the UK today.