Ok tacky punchline but in all seriousness we have had yet another massive data loss this time it concerns prison officers which have now been put at massive risk through this.  What compounded the matter is that it would appear that this “lost data” took almost a year to discover.  Now at best the persons whose information was on this disk can hope that someone simply found the data, wiped it and re-used the disk but at worst it has been used for other purposes.

Data security is something that should not be taken lightly in any business regardless of whether you have 1 PC or a 1,000.  The information you hold has great value to someone whether that be your competitor or a crimal aspiring to identity fraud.  It is your responsibility to keep this information safe and away from people who should not have access to it.

Most businesses that utilise a server will have individual logins for each user which will allow the business to limit that amount of information that the user has access to but this also provides accountability for which person(s) has accessed what data.  However, this concept generally goes out of the window because of one of the following reasons:

• Password Sharing – the users allow one-another to have access their password
• Simple passwords – the users password is something simple like “password”, “letmein”, the dogs name, childs name etc
• Unattended workstations – the users walks away from their computer for lunch and leaves it “unlocked” allowing anyone access to information

All of these items make the best security practises fall flat on their face before you evan get started.

What can be done to fix this

Most of the above issues can be simply resolved by implementing a policy on the server which sets down a standard on all network computers which forces a password changed periodically; forces complex passwords and locks the computer after a period without use i.e. 5 minutes.

Other thoughts

The other issue which is becoming more prevalent these days is the Digital Nomad aka the notebook user.  The Digital Nomad is a new breed of user who essentially speaking is able to work regardless of location.  This work style is becoming more popular with the recent fuel increases however with this new style of mobile computing comes it’s own challenges.  This type of worker will generally carry a quantity of data with them and this information is what they need to do their job.  This can be something as simple as a drawing or can be an entire client database complete with business and personal details.  If this notebook was to be lost/stolen etc then all of this information would be available to anyone who has the computer.  The best resolution to this is to implement encryption software/hardware which can be installed to the notebook.  There are many software solutions available which range from completely free to not so free.  Most of these can provide either encrypted volumes  (additional drives which only appear once a passphrase has been entered) or they are able to encrypt the entire drive so no one can use the computer without the passphrase.  Both of these solutions have their own merits and the implementation will be a personnal choice however it should not be overlooked.

Any lost data can and will inevitably cost your business money and will tarnish your reputation.  A recent data loss has resulted in a contract worth £1.5 million being lost, don’t let this be your business.

For more information on data security solutions then please contact us at sales@jpt-solutions.co.uk

Posted in Encryption, Security September 10th, 2008