Cyber crime is never very far away. It invades all of our lives whether we realise it or not and becomes a bigger problem by the day. COVID-19 has been used as an opportunity for criminals and mendacious types to step up their attacks. It is our data that they are after and while our eyes have been elsewhere their resolve has become laser focused.
Everyone is vulnerable yet it is the companies and organisations that offer the greatest reward. They collect lots of data and therefore attract the greatest attention. MAny companies admit to having been attacked, some even admit to being breached yet it is likely that the picture is far worse than we think. Most companies will have had some form of attack and either will have dealt with it or not noted it.
What then do companies and organisations do when they have been breached? The media is littered with examples when companies get it wrong and this is usually on the back of two reasons, one the size of the beach and subsequent data loss, but more often the fact that they have tried to hide the incident. I wish they wouldn’t as they are bound to get found out sooner or later.
The best thing to do then is to come clean. If you have been breached, let your customers know, tell them what has happened, how this may affect them and what you are doing about it. Yes, this will be painful, you will get some flack, people will criticise you for not having stronger security but it will be out in the open and won’t fester like a sore that won’t heal.
I was pleased then to receive an email from Caroline Harper, Chief executive, Sightsavers: ‘I am writing to tell you about a data security incident involving a large technology company called Blackbaud. Sightsavers is one of the many organisations who use Blackbaud’s services and although the risk to our supporters is very low, I want to explain what this means for you and the data Sightsavers holds for you.’
Sightsavers has reported the incident to the Information Commissioner’s Office (ICO) and has committed to continue to work with them, other relevant authorities, and Blackbaud to investigate and monitor the incident.
What pleased me most about this email was that it was the first I had heard about it. I didn’t read about it in social media before Sightsavers wrote to me. The incident has happened, there is nothing I can do to reverse it but at least I can look at how this may affect me and make amends.
You can read more information about the incident on the Sightsavers website, and Blackbaud have provided further details on their website.
Thoughts from a Guerrilla Worker 