Social Networking
Riding the social media wave
Sunday 12 October 2008, 9:54 PM
Another Day, Another Data Loss
Earlier this year the head of Revenue & Customs resigned after his department lost the details of as many as 15 million child benefit claimants in what was believed to be the world’s biggest ID protection failures. Disks used to store information including home addresses, dates of birth, National Insurance numbers and bank details went missing in transit. I was pi**ed because my details were out there in the wild...
Unsurprisingly, this incident was not the first security breach involving HM Revenue & Customs: earlier that month (April) the BBC reported that a CD-ROM containing the personal details of thousands of Standard Life pension holders had gone missing, leaving them at risk of fraud. Do you still trust the Government to store your data safely and appropriately?
There’s more. An investigation is now under way into the disappearance of a computer hard drive containing the personal details of approximately 100,000 members of the Armed Forces. The information includes bank details, dates of birth, passport numbers, addresses and telephone numbers. The disk was being held by EDS, one of the Government’s main contractors, according to media reports.
This latest security blunder involves unencrypted disks that contain extremely sensitive information and at this stage it is not known how long the data has been lost for. Whether data was lost by the Government or a contractor, without implementing the necessary security procedures to protect data in transit, data leakage will continue, exposing thousands of innocent people to identity theft.
This incident demonstrates that decisive and effective measures still need to be taken to protect against data leakage. Although taking control of data leakage is no mean feat, any organisation holding sensitive data needs to take responsibility for establishing and enforcing device control policies that assign permissions to individuals and devices.
Moreover, all data needs to be encrypted to ensure that if it falls into malicious hands it is inaccessible and worthless. It is simply no longer enough to write a computer security policy and expect everyone to follow it to the letter. This is especially true in the case of contractors - monitoring your information and knowing where it is at all times becomes much more complex when multiple parties are involved in the process.
The proliferation of data loss occurrences due to the inappropriate or sometimes criminal use of removable media devices has reached alarming levels, with no sign of abating. The only way to eliminate data loss from removable devices is to take control of the flow of inbound and outbound data from your endpoints and encrypt the data during transmission. These solutions exist today; policy needs to enforce their usage.
The Government released a report into Data Handling Procedures in June 2008 addressing this issue and we are seeing isolated moves to proactive implementation of policy, such as NHS boards across Scotland injecting funding into the improvement of IT security. But, we can only ask when will all organisations start taking this escalating data loss seriously and act preventatively?
Unsurprisingly, this incident was not the first security breach involving HM Revenue & Customs: earlier that month (April) the BBC reported that a CD-ROM containing the personal details of thousands of Standard Life pension holders had gone missing, leaving them at risk of fraud. Do you still trust the Government to store your data safely and appropriately?
There’s more. An investigation is now under way into the disappearance of a computer hard drive containing the personal details of approximately 100,000 members of the Armed Forces. The information includes bank details, dates of birth, passport numbers, addresses and telephone numbers. The disk was being held by EDS, one of the Government’s main contractors, according to media reports.
This latest security blunder involves unencrypted disks that contain extremely sensitive information and at this stage it is not known how long the data has been lost for. Whether data was lost by the Government or a contractor, without implementing the necessary security procedures to protect data in transit, data leakage will continue, exposing thousands of innocent people to identity theft.
This incident demonstrates that decisive and effective measures still need to be taken to protect against data leakage. Although taking control of data leakage is no mean feat, any organisation holding sensitive data needs to take responsibility for establishing and enforcing device control policies that assign permissions to individuals and devices.
Moreover, all data needs to be encrypted to ensure that if it falls into malicious hands it is inaccessible and worthless. It is simply no longer enough to write a computer security policy and expect everyone to follow it to the letter. This is especially true in the case of contractors - monitoring your information and knowing where it is at all times becomes much more complex when multiple parties are involved in the process.
The proliferation of data loss occurrences due to the inappropriate or sometimes criminal use of removable media devices has reached alarming levels, with no sign of abating. The only way to eliminate data loss from removable devices is to take control of the flow of inbound and outbound data from your endpoints and encrypt the data during transmission. These solutions exist today; policy needs to enforce their usage.
The Government released a report into Data Handling Procedures in June 2008 addressing this issue and we are seeing isolated moves to proactive implementation of policy, such as NHS boards across Scotland injecting funding into the improvement of IT security. But, we can only ask when will all organisations start taking this escalating data loss seriously and act preventatively?
Previous
