Member Article

Has MOVEit made you think more seriously about data governance?

If not, it should and here’s why

As the days roll by it is becoming increasingly clear that the MOVEit vulnerability which was discovered earlier this month is having very, very far-reaching repercussions.

A growing list of UK companies have been affected by the cyberattack on payroll service provider Zellis, which occurred via one of its third-party suppliers (Moveit), this has resulted in hundreds of thousands of staff members at these organisations having their personal information posted on the dark web.

The hack was first made public when US-based firm Progress Software identified that hackers had discovered a method of breaking into its MOVEit Transfer tool, a widely used software which enables users to move files from one place to another.

Reporting on the news Bloomberg said: “the attack raises questions about exactly how many companies across the world’s information supply chains possess sensitive data about private citizens and how prepared their systems are to handle security breaches”.

This is a very valid concern as a mind-boggling amount of data is being passed around the globe through various supply chains. What organisations must recognise is that any movement of data carries a risk; and therefore understanding the data journey is critical in order to minimise this risk. What this breach shows us is that not enough people have sight of the data journey trusting in their suppliers that the data is ‘safe.’

It is for exactly this reason that we have moved so much of our software to the Cloud, where it is more secure and also cuts down on the dangers of data transfer.  It allows users to manage their data processing in a secure manner, as opposed to the traditional way of transferring Personally Identifiable Information (PII) from supplier to supplier.

As new breaches come to light, an inevitable fall out from this will be an increased focus on data governance. A spotlight needs to be shone on the flow of an organisation’s data (everything from payroll through to data cleansing) and the risks need to be identified, categorised, and considered.

This was posted in Bdaily's Members' News section by The Software Bureau .

Enjoy the read? Get Bdaily delivered.

Sign up to receive our popular morning National email for free.

* Occasional offers & updates from selected Bdaily partners

Our Partners