
Why are you failing to meet your portable data security responsibilities?


Organisations across the UK are of course aware of the need to secure personal and corporate data within their business.

Reinforced measures to protect such information have been implemented in recent years to prevent access by unauthorised individuals. Despite this, incidents of data breaches surrounding mislaid or stolen unencrypted portable data storage devices continue to occur with alarming regularity, as headlines in the trade and national press show.

The results of iStorage surveys conducted at Infosecurity Europe between 2010 and 2012 revealed a growing percentage of respondents admitting to losing portable data storage devices containing personal or company data. In 2010, nearly a quarter (23 per cent) admitted to experiencing such a loss; this rose dramatically to over one-third (34 per cent) just two years later.

This alarming trend is further underlined by the fact that a majority of IT professionals (54 per cent) who completed the survey at Infosecurity Europe 2012 carried unencrypted data on USB sticks and other portable storage devices.

Data protection and the law

Under the terms of the UK Data Protection Act 1998, organisations handling personal information about individuals have legal obligations to safeguard that data. The Information Commissioner's Office (ICO) recommends an array of security measures organisations should take, including, for computer security, that organisations should "encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen".

This of course extends to personal and corporate data removed from internal servers or corporate data centres and stored onto portable hard drives, USB flash drives and optical media.

Three years ago the UK government gave the ICO the power to fine organisations guilty of serious data protection breaches up to £500,000. Since then, it has fined a number of organisations and signed data protection undertakings with bodies across the private, public and third sectors, many as a result of lost or stolen unencrypted portable devices.

This caveat regarding the encryption of such devices is important, since data at rest on encrypted portable digital media will remain safe, even if lost or stolen.

Portable encryption and protection

The importance of using encrypted personal devices as a means of securing sensitive material cannot be overstated, especially when organisations continue to 'store' such data on paper or optical media. For instance, the ICO recently fined the Nursing and Midwifery Council £150,000 for losing three DVDs relating to a nurse's misconduct hearing.

It seems organisations are not taking the necessary precautions to protect sensitive information, something all the more inexcusable given the encrypted portable solutions available today.

There are, naturally, a number of encrypted devices on the market, but products offering a strong combination of physical and digital security measures, from multi-digit PIN access via onboard keypads to military grade real-time data encryption and anti-brute force hacking capabilities, deliver the most robust, 360-degree portable data security solutions.

Despite the ICO reprimanding and fining those guilty of serious data breaches through the misuse of portable storage, more could be done to reduce incidents of data at rest leakage. In addition to better levels of education and process training, organisations should introduce hardware encrypted portable devices into the workplace to ensure data remains inaccessible to unauthorised individuals even if hardware is lost or stolen from the organisation.

John Michael is CEO of iStorage

iStorage Limited is exhibiting at Infosecurity Europe 2013, held on 23rd – 25th April 2013 at Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk.
