Unless you’ve been on Mars for the past six months, you won’t have missed the high-profile data breaches suffered by both Government and private sector organisations. But why have these breaches been happening?
The proliferation of portable storage devices alongside unmanaged PC connectivity has created a recipe for disaster. It really is just too easy to accidentally leave a USB stick in the pub or a laptop in the back of a taxi (or, indeed, lose a CD in the post).
Humans will make mistakes. Confidential data can never be completely safe. Organisations, therefore, need to ensure that all technological methods of protection are in place in order to minimise the risk.
For example, encryption of all data transferred onto a portable storage device would minimise the risks should that device be lost or stolen. It’s a simple, quick and cost-effective solution, yet it doesn’t seem to be happening as a
matter of course.
The reasons for this seem to be twofold. First, people don’t yet understand the risk associated with customer data and therefore don’t take the necessary precautions. Second, the majority of organisations deploy standalone encryption solutions, which can be troublesome to decrypt by those outside the organisation, such as partners, and this perceived hassle can put people off bothering to encrypt at all.
Ultimately, responsibility for the security of sensitive information has to rest at the top. How would your business cope if your closest competitor suddenly had a copy of the prototype for your hottest product, for example? And what of the damage to a company’s reputation and consumer confidence following a high-profile breach, which could cost millions and be unrectifiable?
While it is undoubtedly crucial that organisations have procedures and technologies in place to prevent a breach or protect the data should one happen, underlying behaviours and attitudes also need to change. Consumers place huge amounts of faith in organisations to keep their information safe.
These organisations must, in turn, demonstrate they take this responsibility seriously and are doing their utmost to keep personal data secure. Is it therefore time for the Government to pass a full disclosure bill whereby all data breaches have to be made public and the appropriate disciplinary proceedings taken?
Matt Fisher, Director