The Home Office has admitted to exposing the email addresses of migrants involved in the Windrush compensation scheme and breaching data protection regulations. Immigration Minister Caroline Nokes released a statement apologising for the data breach which exposed some 500 email addresses. Egress Software‘s CEO, Tony Pepper comments:
“Immigration minister, Caroline Nokes, has again apologised to the Windrush generation after about 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme. When this accidental incident occurred, there was no safety net and no way of alerting the sender of the mistake. This is a common error that we’ve also seen in our recent research, where 45% of employees who accidentally shared information sent it to the wrong person.
Traditional solutions to prevent inbound and outbound data breaches – such as firewalls, endpoint security, encryption and malware scanning – have little to no impact on accidental incidents, as they can’t stop someone from doing something like sending an email to multiple recipients using To/Cc instead of Bcc. This is because they can’t tell the difference between ‘good’ and ‘bad’ user behaviour (whether accidental or malicious).
While organisations typically prioritise the malicious outsider over the accidental insider threat, the latter has been fundamentally underestimated. With intelligently applied machine learning and big data analysis combined with a people-centric approach to technology and awareness programmes, it is possible to mitigate against such human errors and enhance organisations’ cybersecurity.”
(68)
