Posted: February 12th, 2010 | Author: Richard | Filed under: Data Security, Government | Tags: Data Loss Risk, Government, Security | No Comments »

A new rule, approved by the Secretary of State for Justice and expected to come into force on 6th April 2010, will enable the Information Commissioner’s Office (ICO) to issue fines of up to £500,000 for serious data security breaches.
This new power is no doubt a reaction to several high-profile data losses from large organisations including the DVLA and the Ministry of Defence.
With enormous amounts of personal data stored and processed online, Christopher Graham, the Information Commissioner, said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act.
“These penalties are designed to act as a deterrent,” he said in an official press statement.
“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”
Under the most recent Act of 1998, data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.
Posted: November 27th, 2009 | Author: Richard | Filed under: Data Security | Tags: Access, Data Loss Risk, Security | No Comments »

According to the ‘global recession and its effect on work ethics’ survey by Cyber-Ark, 48 percent of respondents admitted that they would take company information with them if they were dismissed tomorrow.
A third of workers would steal data to help a friend get a job while 13 per cent would take access and password codes.
Of the respondents, 39 percent would download company information if they found that their job was at risk and 25 percent said that the recession has meant that they feel less loyal towards their employer. Alarmingly, 13 per cent would take access and password codes to allow access to the network once they’ve left the company and continue downloading information.
Cyber-Ark claimed that the recession is creating camaraderie amongst workforces at the expense of their employers, as 41 per cent confessed to having already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.
The most desired information was customer and contact details for 29 per cent of respondents, then 18 per cent said that they would steal plans and proposals. Eleven per cent would take product information.
If we are to take anything out of this report, it is that organisations need to be open to improving how they control and monitor access to vital business systems, even by those at the highest levels.
Posted: November 27th, 2009 | Author: Richard | Filed under: Data Security, Government | Tags: Access, Data Loss Risk, harmful media, Security | No Comments »

New research from IDC and security vendor RSA, which included 400 top-level executives, revealed that organisations are more likely to suffer from accidental data security leaks than malicious insider attacks.
The research shows that accidental data leaks often cause more damage than insider attacks, giving reason to doubt the traditional assumption that theft is the highest cause. Most security leaks are accidents that occur simply when employees do not follow correct security protocol or misuse information accidentally.
The firms that participated in the poll reported that accidental data loss accounted for 6,244 incidents; unauthorized people receiving privileged access to data resulted in 5,794 incidents of risk; and malware attacks that came from within the firms accounted for 5,830 incidents.
Posted: September 16th, 2009 | Author: Richard | Filed under: Data Security, Government | Tags: Data Loss Risk, Government, harmful media, Security | No Comments »

A USB stick infected with malware brought Ealing council to its knees for several days after a town hall employee plugged it into a work computer.
Despite the use of anti-virus software, the virus spread through Ealing council’s IT network, preventing the use of phones and making it impossible to process payments and fines for nearly a week.
On top of this delay, parking tickets worth £90,000 had to be cancelled, £14,000 was spent on clearing housing benefit claims, the library service lost £25,000 as it could not issue fines or booking fees, and council property rent could not be collected.
Total costs are estimated to exceed £500,000 in lost revenue and system repairs.
A council report said:
“At the point the memory stick was plugged in the virus attacked the host PC.
It blocked connections to anti-virus and Microsoft Support websites and attempted to establish connections with 500 internet sites chosen at random from a selection of 25,000 seeking instructions from its author, and sought to also contact other similarly infected PCs that it could find. It then started propagating itself across the Ealing network.”
Bhav Lakhani, Operations Director at the international software distribution company Codework, observed:
“This unfortunate incident highlights the increasing dangers USB sticks and other endpoint devices pose and emphasises the importance of having a sound security strategy in place.”
A council spokesman said: “The council acted immediately to protect all data and ensure that essential frontline services could continue.”
Posted: July 29th, 2009 | Author: Meha | Filed under: Data Security, Government | Tags: Data Loss Risk, Security | No Comments »

HSBC, Britain’s biggest bank, has been fined £3m by the financial regulator for failing to protect customers’ confidential details after data was lost in the post on two occasions. Three companies belonging to the bank’s insurance division have been fined by the Financial Services Authority after it found that large amounts of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen.
The failings date back to April 2007, when HSBC Actuaries, a division of the bank, lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers. Later, in February 2008, HSBC Life, another division, lost an unencrypted CD containing the details of 180,000 policyholders in the post. The confidential information on both disks could have helped criminals to steal customers’ identities and commit financial crime. The FSA fined HSBC Life £1.61m, HSBC Actuaries was fined £875,000 and HSBC Insurance Brokers was fined £700,000.
Margaret Cole, director of enforcement at the FSA, said: “These breaches are very disappointing. All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals.
“It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”
Clive Bannister, group managing director of HSBC Insurance, said the group regretted the incident:
“Keeping our customers’ data confidential and secure is vitally important to everyone at HSBC,” he said.
“We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy.”
The data loss by HSBC is not the first time that data have gone missing from financial institutions and government departments. In November 2007, the government admitted that it had lost two CDs containing details of 25m child benefit records.
Another bank, HBOS, now owned by Lloyds, apologised to more than 60,000 mortgage customers in June 2007 after private information about them was lost in the post. The FSA takes any loss of data seriously.
In the past it has fined Nationwide, the building society, £980,000 for lapses in information security procedures after a laptop containing sensitive customer information was stolen from an employee’s home.
Norwich Union, part of Aviva, was fined £1.26m for not having effective controls in place, enabling fraudsters to obtain customers’ details and cash in £3.3m of policies.
A report issued by the regulator last year found that many financial services firms still had lax attitudes toward their customers’ private information, despite the series of high-profile incidents.
Posted: July 14th, 2009 | Author: Sai | Filed under: Data Security | Tags: Control, Data Loss Risk, Security | No Comments »

When it emerged recently that an unencrypted laptop computer containing the bank account details of 75,000 Bord Gáis customers had been stolen in Dublin, the issue of data protection and encryption once again came to the fore.
The data on the stolen Bord Gáis laptop included bank account numbers, sort codes and bank addresses, as well as the names and addresses of account holders. The incident is the latest in a long line of embarrassing blunders and follows quickly on the heels of news that 15 Health Service Executive (HSE) laptops had been stolen from its offices in Roscommon.
As data security breaches continue to occur, the Office of the Data Protection Commissioner fears that some firms are not treating consumer data with the required level of caution.
While much of the discussion around data protection in recent months has centred on the theft of laptops and the lack of encryption, there are a number of other areas that also deserve attention. For example, if an employee is able to download valuable details from a laptop, albeit an encrypted one, onto a USB key, this presents a massive security risk.
What’s your opinion of the risk to data?
Please see how AccessPatrol can provide endpoint protection by clicking here, or contact us to discuss your requirements.
Posted: July 10th, 2009 | Author: Sai | Filed under: Internet, Web Monitoring | Tags: Block websites, Data Loss Risk, Security | 1 Comment »

The recent findings of an independent survey conducted by Dynamic Markets highlight that only 12% of IT managers in the UK believe that the ‘dynamic’ Web (the top 100 most popular sites) contains the biggest security threat. Yet, according to a similar report focused on technical research, approximately 70% of the top 100 most popular websites have hosted or directed users to malicious code or put them at risk of fraudulent activity.
More than a third (37%) disclosed that employees at their organisation have tried to bypass IT security policies to access unapproved Web sites which fall into this category. This is despite the fact that 82% of respondents reported confidence in their organisation’s Web security, although 9% of IT managers aren’t even sure of their own IT security policies.
Unsurprisingly, more than half (57%) of IT managers believe that the internet is important to their business. The survey also highlights that three quarters (75%) of IT managers feel pressured to allow more access to the web for employees. This pressure is coming from all areas, including management as a way to demonstrate trust in their staff. As the role the internet plays in businesses continues to evolve, IT departments will face increasing pressure to strike a balance between preventing security risks and allowing staff to access this business-enhancing tool in a safe and secure way.
In an office environment, one way of allowing staff the freedom and trust to browse freely is to establish a comprehensive web use policy and to monitor business traffic.
How secure is your network?
Click here to learn more about how BrowseReporter can help you do this. Alternatively, please feel free to contact us to discuss your requirements.
Posted: July 9th, 2009 | Author: Sai | Filed under: Data Security, Internet Restriction | Tags: Data Loss Risk, Security | No Comments »

A recent survey of 400 professionals by an IT vendor found that 74 percent of respondents said they could circumvent IT access controls, if they wished, in order to move freely around the network.
When faced with the question: “What would you take with you,” the survey found a six-fold increase in departing staff who said they would take financial reports or merger and acquisition (M&A) plans, and a four-fold increase in those who would take CEO passwords and research and development (R&D) plans.
By comparison, in 2008 only seven percent said they would take M&A plans when leaving the company, which is a considerable difference when gauged against the 47 percent revealed by the current report.