September 25, 2008
Nearly four out of five people in Britain don’t trust the organizations that hold their personal data to keep it safe. Of more than 1,600 individuals questioned, some 89 percent believed that reckless data security breaches should be a criminal offense. The majority of respondents felt that those guilty of avoidable data security breaches should be imprisoned.
93 percent of those surveyed said they would not be willing to give their personal data to an organization that had already reported a previous security breach.
September 16, 2008
UK newspaper, the Daily Mail, has revealed that a police officer in the West Midlands has lost a 4GB memory stick reported containing top-secret information on terror suspects. The device was lost when the officer took the device on patrol.
At least one property has been raided in the search for the lost USB stick, but so far it has not been found.
Although police would not confirm it, the newspaper believes the device held information on a number of suspected terrorist cells being monitored by police.
There is no word - and hence nothing to suggest that the data held on the USB was encrypted, meaning that anyone who now has the device has access to some potentially highly-sensitive data. The security breach is serious enough that the UK Home Secretary, Jacqui Smith has been informed.
This is yet another high-profile example of how allowing sensitive data to be copied to inherently insecure devices, with no security precautions, can be a seriously risky practice.
September 5, 2008
New research announced this week revealed that 88 percent of IT Administrators would have no problems stealing confidential information from their employer’s network if they were fired. And with these employees privy to all areas of the network, one can only imagine the kinds of data they could easily lay their hands on…
While the company that sponsored the research believes this is a good reason to change passwords on a regular basis, WatchYourEnd also strongly recommends organizations invest in technologies that can be used to stop the unauthorized copying of data from the network to portable storage devices such as USB sticks, MP3 players and even CDs or DVDs.
Of the 300 IT Administrators surveyed, only 12 percent claimed they wouldn’t dream of helping themselves to company data.
Following an incident where a call center employee in Germany alerted authorities to bad data management practices by handing over details of 17,000 addresses and bank details, the Germany Interior Minister has promised tougher laws for data protection.
In Germany, there are currently no restrictions on the sale of personal data from one party to another - however, plans are now afoot to ensure this can only be done with the expressed consent of the individuals whose data has been collected.
However, WatchYourEnd believes that just as great a problem is presented by the ability of the call center worker to provide 17,000 records to the authorities without his employer’s knowledge. Clearly there were no data protection technologies in place to prevent the removal of the data from the corporate network. Although in this case the employee meant well, it could have just as easily been an attempt to commit identity theft or supply the information to criminal gangs.
The German government might do well to follow a similar tack taken by the British Government by planning laws which make it a criminal offense to allow a data security breach through negligence.
