
Remote Access Breach Advisory

GDPR

 

It is your responsibility to report a data security breach to the Information Commissioner's Office (ICO), based on the guidance provided by the Information Commissioner. Impact Computing does not provide guidance on whether a breach should be reported.

 

Fraud, Cyber Crime and Phishing Attempts

 

Where you have been the victim of fraud, cyber-crime or a phishing attempt, you can report it to the police using the following site: Action Fraud UK Police Report. With any security incident, we advise that you also inform your bank.

 

Remote Access Breach

 

In the event that one or more of your users with remote access is hacked by an unauthorised third party, please keep the following points in mind:

 

What you need to do:

  • Keep in mind that an unauthorised third party has possibly had access to all your confidential data, including e-mails and attachments, contacts, files, and financial information, though this is not an exhaustive list. Consider the risks and what the unauthorised party could do with this information.
  • We recommend that all accounts we do not manage have their passwords reset. Please ensure you follow our best practice guidelines for setting passwords.
  • In instances where confidential client data may have been accessed, we recommend contacting a solicitor to assess your responsibilities, especially in relation to GDPR. Impact Computing cannot advise you on your legal obligations.
  • To minimise your security risks, remote access should only be given to staff who require it.

 

What we will do:

  • We will reset the passwords of, or lock out, any affected accounts.
  • Where we cannot immediately identify which account has been breached, we will perform a mass reset of all passwords and attempt to identify the source of the breach.

 

What you should be aware of:

  • Additional paid services are available to better secure remote access solutions, for example two-factor authentication. Please contact us for details.
  • We can provide a report detailing who has access to the remote desktop server. This report is available upon request.
  • We recommend against providing blanket remote access to all your employees.