Turn on the news and you’ll see the return of a familiar theme. They’re all over the papers and on every news feed. In fact, you can’t go anywhere in 2018 without hearing about them.
The UN has just announced a data leak which could have resulted in the loss of sensitive internal communications. It seems like 2018 has been the Year of the Data Breach, with one appearing in the headlines every other day.
This recent high profile data leak at the United Nations meant that employee details and communications at the U.N. were exposed to the internet.
The leak occurred due to a misconfigured Trello app which allowed a hacker to infiltrate systems and harvest key data from the global organisation. A hacker was able to get into vulnerable Trello boards, which led to a Jira link and Google Docs that were left unsecured.
It might seem unbelievable that such a high-profile organisation could be making these simple cybersecurity mistakes, however we’ve seen it so many times over the past few months. Reddit, British Airways and the NHS are just some of the big names to have suffered at the hands of hackers and unsecure websites, leading to worldwide data breaches which have revealed the details of thousands, if not millions, of people.
A U.N. spokesperson told The Intercept:
“Some of the boards listed have communications materials which are not sensitive, while some have outdated information. However, we are reviewing all boards on the list to ensure that no passwords or credentials are shared through this medium.
“We take security very seriously and have reached out to all staff reminding them of the risks of using a third-party platform to share content and to take the necessary precautions to ensure no sensitive content is public.”
While it is thought that none of the data was viewed by anyone except the security researcher who uncovered the vulnerability, the Trello boards and documents have since been secured. How do you know if your data is being viewed by criminals?
It’s time to secure your Trello boards!
But, first of all…
Put simply, a Trello board is a list of lists. Trello is a service used by businesses who want to keep track of their workload and manage it in neatly organised boxes. The tool is a dream for those who love efficiency and get a thrill by ticking things off their To Do list.
While Trello is a helpful storage tool and the advantages of this app are manifold, it’s important to remember not to store important information, such as passwords and employee details on this external app.
The key advice to take away from the U.N.’s precarious situation is to always configure your Trello boards and cards so that they are private and only viewable by the internal staff that need to view them. By giving access to external people or untrained members of the team more than is necessary, you run the risk of leaking data to the general public.
Unsure if your company is secure? UKFast’s sister-company Secarma use hard-hitting ethical hacking to penetrate your business and test the strength of its security. Want to find out just how resilient you are? Speak to a cybersecurity expert at Secarma today.