From the very beginning UKFast has endeavoured to keep businesses safe online, and our latest investigations into the state of cyber security for both the public and private sector in the UK have brought up some surprising results.
Unsecured databases have so far been the most common security faux pas and sit at the top of the data protection ‘what not to do’ list. Storing sensitive data live on a web server leaves every piece of information within the database open to be indexed by search engines like Google.
Google is extremely good at indexing and a simple search – with fewer than five words – can bring up even the most sensitive information. A local government body’s £83m budget expenditure and all of their suppliers’ personal details were exposed using the same method.
Within one database that the team discovered was a company’s complete client data records. Personal information, from names and addresses to balances and which service the client had requested, was left open for all to see through an incredibly simple set of search terms.
Upon further investigation, the team discovered that not only was all of the client data available, so was a set of employees’ personal information including scanned images of the company’s IT director’s passport and bank statement.
Obviously we called the company straight away to inform them of just how much data they had left open for all to see. Speaking to the IT director himself, we were told that the problem was simply that an employee had deleted the ‘htaccess’ file that had password-protected the key data, leaving it exposed.
The company were quick off the mark to fix the problem once it had been highlighted, which was refreshing to see.
However, these examples have brought to the fore the importance of even the most basic level of cyber security awareness. How can everyone fight the more complex cybercrime tools and techniques when we are not securing the basics?
Here at UKFast we will be continuing our series of investigations, bringing you the latest advice on how to secure your business online – and there are a few exciting developments in the pipeline of our cyber security battle, so watch this space!
In the meantime, here are our top tips to keep your data safe:
- Encrypt ALL sensitive information – if in doubt, encrypt it anyway
- Don’t store anything on a web server that you don’t want to be accessible by search engines
- Test your security – use penetration testing or employ an ethical hacker or security firm
- Consider secured supplier portals to allow the safe sharing of information.
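
An added example, not UKFast's own code, of a check for the failure described above: it walks a web root and lists sensitive-looking files that have no authentication-enforcing .htaccess in their directory or any parent. It assumes Apache with AllowOverride permitting auth directives; the extension list, directory names and the AuthUserFile path are constructed for illustration.

```python
import os
import tempfile

SENSITIVE_EXT = {".sql", ".csv", ".xls", ".xlsx", ".pdf", ".bak"}  # constructed list

def htaccess_requires_auth(path):
    """True if the .htaccess at `path` sets AuthType and a restrictive Require."""
    seen = set()
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                parts = line.strip().lower().split()
                if not parts or parts[0].startswith("#"):
                    continue
                if parts[0] == "authtype":
                    seen.add("authtype")
                elif parts[0] == "require" and parts[1:] != ["all", "granted"]:
                    seen.add("require")
    except OSError:  # a missing or unreadable file protects nothing
        return False
    return seen == {"authtype", "require"}

def unprotected_sensitive_files(docroot):
    """List sensitive files with no auth-enforcing .htaccess at or above them."""
    docroot = os.path.abspath(docroot)
    protected, findings = {}, []
    for dirpath, _dirs, files in os.walk(docroot):  # top-down: parents first
        inherited = protected.get(os.path.dirname(dirpath), False)
        own = htaccess_requires_auth(os.path.join(dirpath, ".htaccess"))
        protected[dirpath] = inherited or own
        if protected[dirpath]:
            continue
        for name in files:
            if os.path.splitext(name)[1].lower() in SENSITIVE_EXT:
                findings.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(findings)

def demo():
    """Constructed tree: scan, delete the .htaccess as in the incident, rescan."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "private", "staff"))
    guard = os.path.join(root, "private", ".htaccess")
    with open(guard, "w") as fh:  # AuthUserFile path is a placeholder
        fh.write('AuthType Basic\nAuthName "Private"\n'
                 "AuthUserFile /path/to/.htpasswd\nRequire valid-user\n")
    for rel in ("index.html", "private/records.csv", "private/staff/passport.pdf"):
        open(os.path.join(root, rel), "w").close()
    before = unprotected_sensitive_files(root)
    os.remove(guard)
    return before, unprotected_sensitive_files(root)
```

Run on a schedule or in a deployment pipeline, a non-empty result flags the missing protection before a crawler finds it. It is a static check of the files on disk and does not replace testing the site from outside.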