Thursday, December 29, 2011

USB drive found in a pub contained data of 26,000 tenants


Storing data is getting easier by the day. First, it was computers, followed by laptops, net-books and now it is the pen-drive. Just hang it on your shirt or carry it in your pocket. That is movable data. It is a boon but at the same time, a curse if you do not keep it safely guarded.

A serious data breach

There was a recent case of a USB drive found unattended in a pub in South London. The drive carried data of around 26,000 social housing tenants and bank details of some 800 tenants.


Breach details

Apparently, the USB drive owner worked for housing associations Lewisham Homes and Wandle Housing Association. The data belonged to the tenants of these housing associations. The USB drive was seen lying in the All Inn One pub. The authorities were immediately notified; fortunately, the data was not compromised.

According to Sally-Anne Poole, acting head of Enforcement at the ICO: “Saving personal information on to an unencrypted memory stick is as risky as taking hard copy papers out of the office. Luckily, there is no suggestion that the data was misused. But this incident could so easily have been avoided if the information had been properly protected.”

Lewisham Homes and Wandle Housing Association had breached the 1998 Data Protection Act by not encrypting the information of 26,000 people.

Action taken by the ICO

The ICO gave the housing bodies a stern warning and made them aware that they had clearly breached the Data Protection Act. Had the stick gotten into the hands of a hacker, all hell would have broken loose.

Reactions by security experts

According to Edy Almer, VP of product management at Safend: “It is good to see that data stored on the USB was most likely not compromised and that the immediate response from the breached party was to make things right. It is important to note it was a third party contractor that lost the data and not trained internal staff, thus highlighting the need to selectively block or encrypt all devices connecting to your network in order to protect sensitive data.”

Mark Fullbrook, UK and Ireland director at Cyber-Ark, reacted: “This is yet another example of the poor data protection policies operating within organisations today. Using a memory stick to transport sensitive information may be convenient, but it’s certainly not secure and whilst in this case the memory stick was returned to its rightful owners, should it have fallen into the wrong hands the repercussions could have been severe.”

Action taken by the housing associations

Lewisham Homes has revised its data security procedure and the contractor/owner of the stick has been dismissed.

What can be done to protect data?

Using encryption software is the need of the hour. Be it an organization or an individual, if you are carrying data, it has to be protected, no matter what it is.

Use Alertsec

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
