A survey from data discovery and auditing software vendor Netwrix has revealed that inappropriate data sharing continues to be a problem for companies and businesses. The research shows that whilst most companies store their data in designated secure storage, there is still a risk of it leaking into insecure areas.
Data leaking is likely to occur when employees have not followed security policies and procedures, where they have been implemented. The survey found that many companies don’t keep tabs on user data access privileges, making it harder to track data sharing.
NCSC recommends that organisations understand and catalogue the data they hold and for what purpose. Classification systems may be used to manage the appropriate handling of data and support the audit of user access to sensitive information. Organisations should also ensure that users receive appropriate training for handling sensitive data, and that systems are fit for purpose.
HMRC phishing scam targets passport information
A phishing scam designed to steal personal and financial details from self-employed workers is now trying to capture passport information from victims.
Details from a threat report in June explain how people are informed via SMS that they may be eligible for a tax refund. They are then redirected to a fake web page that looks like the official HMRC site.
The recent addition to this scam includes requesting passport information as part of a ‘verification’ process.
HMRC will never send notifications of a tax rebate or ask that personal or payment information, including passport information, be disclosed by email or text message.
The NCSC has information on how self-employed workers, and others, can protect themselves against phishing.
Any suspicious email can be forwarded to the Suspicious Email Reporting Service (SERS) and text messages should be forwarded to 7726.