Security can be achieved when staff are educated on data loss
Data loss can be prevented with the right education and correct security.
Michael Gough, head of information assurance for the public sector and responsible for the security training programme within EDS, claimed that as removable media capacity increases the problem could be set to continue.
Gough said: “Over the last 18 months people have woken up to the problem. They need to ask themselves where it is necessary to use removable media, and where data encryption is used when there is high capacity movement of data to stop people moving things. The heart of the problem is human vulnerability rather than security and it has to be done by education and security development.
“We have a duty to our clients but nobody's perfect and human error is the source, with the HMRC why did people copy data on CDs? Why were they not protected when moving between government departments? Why was there no audit trail of the removable media?"
EDS recently won an award for its in-house security training programme at the Institute of IT Training awards. The programme will be a mandatory re-certifiable training course that the 40,000 EDS staff will take annually.
Gough said: “We are taking security and privacy seriously as an ethical proposal, the last 18 months has been a sea change in the reporting of losses starting with the HMRC incident to the point where there is one every couple of weeks. This is an endemic problem brought about by the use of removable media.
“Eight, 12 GB capacity media were not around a few years ago and I expect the problem to continue with high volume CD and DVDs available.”