Lessons to learn from a year of data breaches
In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.
While some might say the manager was made a scapegoat, others clearly hope such disciplinary action becomes more common. Either way, keep watch of those laptops, or risk your career.
Lesson Three: USB drives don't stay in pockets
Memory sticks are great: you can transfer data easily and quickly, stick it in your pocket, and then lose it all on a pub floor.
Back in May, the MoD did just that. A USB was discovered on the floor of a Newquay nightclub. The unencrypted stick contained data on military personnel, training exercises, and soldiers' accommodations.
Thankfully, whoever discovered the roving USB did the right thing, and rather than hand it over to terrorists, turned it in to the responsible authorities: a tabloid newspaper.
And just this month, the government lost a memory stick in a pub car park; this time, it held passwords to Government Gateway, a massive online public sector portal.
So while USB drives might seem a cheap and cheerful data transfer tech, they can be costly. Just ask PA Consulting. That firm mislaid a memory stick containing the details of all 84,000 prisoners in England and Wales. For that, the Home Office ended its £1.5 million contract.
Lesson Four: Laptops are easy to steal
Laptops and portable hard drives are not only easy to carry around, but relatively pricey equipment. Unsurprisingly, if it's worth stealing and it isn't nailed down, it's going to get stolen.
So don't leave laptops near open windows, in unlocked car boots or anywhere a devious member of the public could spy one and snatch it. The MoD, the NHS and other government agencies can all attest to this, though they don't seem to be learning the lesson very quickly.
A Tooting-based hospital saw six laptops vanish in one incident this year, while two were stolen from a hospital in Brent.
Thieves nicked a laptop belonging to secretary of state for communities and local government Hazel Blears through a smashed window, while an MoD laptop holding details of 600,000 people was stolen from a car.
Laptops aren't the only theft-friendly devices. A few drives containing Royal Air Force personnel data went missing from a military base earlier this year.
And it's not just public sector organisations losing laptops. Associated Newspapers lost one computer containing bank account details.
Lesson Five: Encrypt everything
With all the roving USB drives, stolen laptops and discs lost in the post, isn't it time encryption became the norm?