Unless you’ve been on Mars for the past six months, you won’t have missed the high-profile data breaches suffered by both Government and private sector organisations. But why have these breaches been happening?
The proliferation of portable storage devices such as laptops, portable hard drives, USB sticks and ‘lifestyle’ products such as MP3 players, alongside unmanaged PC connectivity has created a recipe for disaster.
It really is just too easy to accidentally leave a USB stick in the pub or a laptop in the back of a taxi – or, indeed, lose a CD in the post.
Whatever policies are in place governing the treatment of sensitive data, the fact remains that humans will make mistakes.
Confidential data can never be completely safe. Organisations, therefore, need to ensure that all technological methods of protection are in place in order to minimise the risk to confidential information.
For example, encryption of all data that’s transferred onto a portable storage device would minimise the risks should that device be lost or stolen.
It’s a simple, quick and cost effective solution and yet it doesn’t seem to be happening as a matter of course. The reasons for this seem to be twofold:
First, people don’t yet understand the risk associated with customer data and therefore don’t take the necessary precautions.
Second, the majority of organisations deploy standalone encryption solutions, which can be troublesome to decrypt by those outside the organisation, such as partners, and this perceived hassle can put people off bothering to encrypt at all.
Ultimately, responsibility for the security of sensitive information has to rest at the top. It may be difficult to convince the board of the importance of data security but the financial and reputational impact of losing data, although possibly unquantifiable, can be catastrophic.
How would your business cope if your closest competitor suddenly had a copy of the prototype for your hottest product?
Plus of course, all the indirect costs, such as legal fees, compensation etc. And this doesn’t take into consideration the damage to a company’s reputation and consumer confidence following a high-profile breach, which could cost millions and be unrectifiable.
While it is undoubtedly crucial that organisations have procedures and technologies in place to prevent a breach or protect the data should one happen, underlying behaviours and attitudes also need to change.
Consumers place huge amounts of faith in organisations to keep their information safe. These organisations must, in turn, demonstrate they take this responsibility seriously and are doing their utmost to keep personal data secure.
Is it therefore time for the Government to pass a full disclosure bill whereby all data breaches have to be made public and the appropriate disciplinary proceedings taken?
Matt Fisher is the VP Marketing of Centennial Software which specialises in Network Inventory & IT Audit Software Asset Management Endpoint & USB Security