Numpty Nigel gets stuck in a rut

Numpty Nigel isn’t your most dynamic individual. He likes what he knows and he knows what he likes. Which means that he doesn’t like change. Or progress. Nigel needs to move with the times. If he doesn’t, there will always be someone out there ready to take advantage. Don’t be like Nigel.

By Nigel Jones

Co Founder of The Privacy Compliance Hub

Patch

Each of the ‘Privacy Fails’ we discuss in this series of short articles are real.  They are based on things we have seen at the The Privacy Compliance Hub.  They are based on reports from regulators of the complaints they have received; the data breaches reported to them; and the fines and other enforcement actions they have levied.  These things do happen.  A lot.  Don’t let them happen to you.  Don’t be a numpty.

The privacy fail

This ‘Privacy Fail’ is caused by failing to promptly update software or apply security patches.  Sometimes software updates are issued to provide users with improved functionality.  Often, they also plug a hole which has been discovered in the security of a product.  It may be that the hole has been discovered by penetration testing, or as a result of a bug bounty.  In which case, the hole may not be widely known.  However, by issuing an update, sometimes that hole becomes better known which is why any update should be applied promptly before criminals seek to exploit it.

A privacy statistic

There are no statistics stating exactly how many data breaches or complaints to the regulator are caused by failing to install software updates.  In the UK, 2.1% of data breaches have been attributed to what are called “other cyber incident”.  Specified cyber incidents include Phishing (10%) and “unauthorised access” (6.7%).

When compared to “other non cyber incidents” (33.2%) you can see where the greatest risks lie (ie not from hackers). However, letting a hacker in can be very expensive.

To see all of the most common ‘Privacy Fails’, take a look at all the articles in our ‘Numpty Nigel’ series.

Real life examples with real life consequences

In January 2018 the UK regulator, the ICO, fined Carphone Warehouse £400,000 for a catalogue of failures related to data security which had led to a data breach in 2015.  Intruders gained entry to Carphone Warehouse’s systems by using valid login credentials on out of date WordPress software.  The ICO also found that other important elements of the software used by Carphone Warehouse were out of date.  This fine was issued under the old Data Protection Act and under the GDPR it is likely that the fine would have been a lot larger.  Perhaps we will find out how much larger because in July 2018, Dixons Carphone announced another data breach from 2017 in relation to 10 million records and over one million customers.

How to avoid this privacy fail

Put in place a system to ensure that all staff software and apps are up to date.  Activate automatic updates by default.  Enforce a policy on use of personal software and apps on company devices.

Train your staff on the risks of not updating software.  Create postcards with common ‘Privacy Fails’ such as this one.  Discuss the risk at team meetings.  Make your staff understand and it is more likely you will make them care.  This is all part of creating a culture of continuous privacy compliance which needs to be at the heart of any privacy compliance programme.

You may want to consult the information on updates provided by Apple, Google and Microsoft.

A culture of continuous privacy compliance

At The Privacy Compliance Hub, we help organisations establish and maintain a culture of continuous privacy compliance by making everyone in an organisation understand privacy, care about privacy and do their bit to protect personal information.  Our platform contains a structure, a programme, a route map, records, information, reporting and training to enable all organisations to build that culture and comply with privacy rules including the GDPR and the CCPA.  It reduces the risk of data breach.

Watch our short product walkthrough video to see how The Privacy Compliance Hub could help your organisation avoid expensive and time consuming data breaches.

Watch video

Numpty Nigel

Numpty Nigel’ is fictional.  He is not based on any person living or dead.  Any resemblance or similarity to any person living or dead is purely coincidental.  It’s just that one of our Co Founders is called Nigel.  He is not a numpty.  But he does think that ‘Numpty Nigel’ sounds funny.  And the name Nigel is slowly dying out.  So this series of articles is for all the Nigels out there.

More to watch and read