BUSINESS CASE

Security

Inappropriate access to data is a leading root cause of many catastrophic cyber security breaches. 

That said, we really don’t want to try and ‘sell fear’, because we’re as tired of cyber security companies using that message as you are. We’re so much more positive about the value that Torsion creates. 

sharepoint permissions explained

Here are few example incidents, which led some of our customers to start using Torsion to prevent issues in future:

How it Happened: An HR manager with a spreadsheet of all staff’s salaries, stored in a Microsoft Team. They clicked the Share button to work on it with a colleague, but they accidentally shared with All Staff.

What Happened Next: Anybody could now find it with a simple search. An intern found the file, and it spread from there. Managers were immediately inundated with complaints like, “why is he getting paid more than me?”, “pay me the same as her or I’ll resign”, and “I feel so disrespected, I’m quitting”.

The Consequences: The company lost several good people, and paid out hundreds of thousands of pounds in unplanned remuneration to quell the damage.

How it Happened: A SharePoint site for the Board of Directors, with access controlled by an AD group. An outsourced IT Admin accidentally added a ‘Marketing’ group, nested in the ‘Board’ group.

What Happened Next: To the board members, access still looked correct. But everybody in marketing actually had access. Then a marketing member’s unlocked phone was pickpocketed on a train.

The Consequences:  The person who took the phone could now access highly confidential commercial plans. Threatening to make certain facts public, they extorted a substantial sum from the company.

How it Happened: A SharePoint Document Library contained network diagrams, with access shared with a contractor who did some work for the company years earlier, but whose permissions were never cleaned up.

What Happened Next: The contractor’s email account was involved in a cyber breach in a completely different website. The hacker used the contractor’s account to access the network diagrams and study them.

The Consequences: Using a weakness they found in the company’s network infrastructure, they launched a major cyber-attack, which resulted in customer details being compromised.

Get in touch

Find out more

Got a question or would like more information?