Security Breach – 9 June 2022

Security awareness training is the key to strengthening your company’s security

Security Breach – 9 June 2022

Security awareness training may not be exciting, but the benefits of training are very exciting. Companies that engage in regular security and compliance awareness training programs gain many advantages that help them avoid cyberattacks and prevent cybersecurity incidents as well as reducing the chance of an expensive compliance error. Take a look at these four big benefits of training to learn more about all of the ways that businesses can profit from even a modest investment in security and compliance awareness training.

Establishing and conducting a training program may require a small initial outlay of cash, but the major security benefits an organisation can receive from it are priceless. Security awareness training improves phishing awareness by an estimated 40%. While training may sound nebulous or frivolous, it’s not. Instead, the benefits of security and compliance awareness training have been scientifically proven.

Recent Breaches

Australia – iCare – Insurer

Exploit: Insider Risk (Employee Error)

Risk to Business: Severe: State insurer iCare is in the hot seat after an employee mistakenly shared the details of almost 200,000 injured workers with 587 employers and insurance brokers after sending the incorrect cost of claims analysis reports to the wrong recipients. The employee information was contained in spreadsheets that were mistakenly sent as attachments to the wrong employers. The company sent impacted workers an apology for the incident in May 2022.

Risk to Exploited Individuals: Severe: The missent cost of claims reports included a summary of workers’ claims history, their name, date of birth and injury category, workers’ policy number, a breakdown of weekly payments, claim costs and gross amounts paid, but no banking or contact details. 

Customers Impacted: Unknown

Australia – ACY Securities – Financial Services

Exploit: Misconfiguration

Risk to Business: Severe: A misconfigured database owned by ACY Securities is to blame for the exposure of personal and financial data of users and businesses. An estimated 60GB worth of data was left exposed and accessible on the web without any security authentication. The data has since been secured.

Risk to Exploited Individuals: Severe: Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

Customers Impacted: Unknown

Talk to a TCT team member today about implementing cyber security and phishing training plan for your staff.

Robert Brown

Follow us on LinkedIn: 

Related Articles:
Things you should never do on a work computer
Cybersecurity mistakes that leave your data at risk