As a result of a phishing attack, the San Diego Unified School District was forced to send an email to parents and former students notifying them that their PII (personally identifiable information) may have been accessed by an unauthorized party. Over 500,000 students, dating back to the 2008–09 school years, and around 50 personnel were affected.
According to the notification, the viewing or copying of some personal data was possible or occurred between January 2018 and November 1, 2018. Staff became aware of the issue in October 2018.
“Data security has become an increasing concern for public agencies, corporations and private citizens nationwide,” said Toren Allen, executive director of San Diego Unified’s Integrated Technology Department. “We are constantly reviewing our practices and systems in an effort to find efficiencies and to identify potential vulnerabilities.”
Sadly, the theme of getting attacked, sending a letter to those affected, and suffering the inevitable reputational and financial damage has become so common that it’s almost expected. Yet it doesn’t have to be this way.
How penetration testing helps protect your organization
Regular penetration testing can prevent cyber criminals from exploiting vulnerabilities in web servers, browsers, email clients, POS (point-of-sale) software, operating systems, and server interfaces.
Penetration tests provide an end-of-state check to make sure all required security controls have been implemented correctly. They can also be used in the early stages of development of new processing systems to identify potential risks to personal data.
Why conduct a penetration test?
An organization should carry out a penetration test:
- In response to the impact of a serious breach on a similar organization
- To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the EU’s GDPR (General Data Protection Regulation)
- To ensure the security of new applications, or following significant changes to existing applications or business processes
- To manage the risks of using a greater number and variety of outsourced services
- To assess the risk of critical data or systems being compromised
Protect your organization. Contact us for more information about penetration testing.