" It’s just simpler when all files are in one shared folder.”
COMPANY
Sector: Logistics
Size: 40 employees
Location: Flanders
FACTS & FIGURES
All users were affected
Protection efforts: Flat file share, no access rules
Business Impact: Operational delays and document loss.
STORY
Within a logistics SME in Flanders, access to all folders on the central file server was granted to every employee—from admin to warehouse. One employee, enjoying the curious nature of the investigations, had mistakenly deleted the master invoice template of the logistics SME in Flanders. Unfortunately, there were no access logs, access control, or backup plans to help with the recovery.
INCIDENT OVERVIEW
A logistics company in Flanders set up its file sharing for simplicity, with everybody—interns to the CFO—invited into one big happy file share where any and every document could be accessed. That was fine until somebody by mistake deleted the invoicing template for the company. No log, no backup, no access control, and hours of finger-pointing and confusion ensued. The company was also exposed, even more dangerously, in telling details that concerned personal files and its payroll. Mistakes are unfortunate and not meant to happen, but when you set up a system like this, mistakes multiply.
BUSINESS IMPACT
Essential documents has been deleted.
Data breach of payroll and human resources data.
Critical effort to demonstrate the accountability regarding the GDPR principles
SECURITY MEASURES
Here bellow, you can explore some advices to mitigate risks and enforce secure configurations:
Grant access based on roles and responsibilities.
Organize file shares by department or project. This helps involved parties easily find relevant files and makes it possible for IT to manage file shares more effectively.
Utilize audit logs to monitor file access and removal.
Make sure that all staff are well informed about how to handle data in a responsible manner.