Insolvency Service laptop theft creates industry response
Protocols for security have been questioned following more data breaches.
Following reports that a laptop containing containing the details of 122 former directors of insolvent companies has been stolen from its Manchester offices, it has been revealed that this was one of four laptops stolen. Although no bank account details were held on the directors, names, addresses, dates of birth and occupations were.
The Insolvency Service also reported that a further 150 people have been directly affected by the loss of the data and in a small number of cases the data included names, addresses, and bank account details of creditors, complainants and employees.
Don Smith technical director at dns, a UK based security consultancy, said: “The Insolvency Service is one in a long list of organisations that have fallen victim to data loss. Not only does this call into account issues of physical security, but it also questions whether or not the correct user access protocols were in place to prevent something like this from happening in the first place.
“Often, critical expertise is missing and firms leave vital security policies to chance, especially as encrypting sensitive data of this nature should be a standard procedure - ensuring that all sensitive documents, virtual memory files and temporary files are stored in encrypted form.
“Given the current economic climate, companies will want to seriously consider how safe their corporate devices are and how they are accessed outside of or over the network. Organisations that are struggling in this area can and should seek help from security experts, who can help manage data and threats on a 24/7 basis. This kind of assistance not only reinforces weak security policies, but can prevent organisations becoming victims of the next data loss or breach."
Andrew Clarke, senior vice president of International, Lumension Security comments: “It seems that more and more sensitive information is ending up in the public arena. Bankruptcy is without doubt a traumatic experience for anyone to have to go through, but to have the finer details of that process stolen, will only exacerbate the situation for the 122 directors concerned.
“The portability of laptops and USB devices has presented a real data loss issue in recent years. We have seen too many cases of sensitive information held by both the Government and industry end up in the wrong hands.
“Organisations need to realise that safeguarding sensitive data should start at the network door. It is essential to monitor network access and only allow authorised individuals to connect and download data onto authorised devices. Once data access control and encryption work hand-in-hand we can go a long way to reduce the risk of sensitive data breaches.”