Corporate data loss seen to be a collective responsibility

News by Dan Raywood

Three-quarters of respondents to a recent poll believe that data loss is a collective responsibility.

Three-quarters of respondents to a recent poll believe that data loss is a collective responsibility.

According to the poll on a recent SC Magazine webcast, 76 per cent of respondents believe that data loss is a collective responsibility, while 12 per cent blamed management and 12 per cent the individual ‘who sent it'.

Commenting, Tim Burnett, information security manager at Atos, said that there is a whole range of issues, as "every excuse under the sun will be made if you have a breach".

Speaking from Atos' own experience, he said that a memory stick with encrypted data was lost when a sensitive customer project was being worked on, and that hit the news and it had to take responsibility to make sure it was not using such USB sticks anymore.

He said: “So the first thing is putting the policy in place that says ‘USB sticks should not be removed from the room', and that was broken, and that all data on a USB stick should be encrypted and some was and some was not.

“If you don't have a structure in place that is consistent across the entire company, then you end up with a problem with people moving jobs and departments and don't understand the situation, so we had to put in place a blanket ban on USB sticks.

“We only allow the use of hardware encrypted USB sticks and they must be company-approved so we have a limited number of devices so we have reduced the number and we have strict controls on them.”

Speaking on the poll results, Burnett said that you can start with a policy that says ‘this is how you must or must not do data sharing' and admitted that it takes time to get there. “If it is a collective responsibility you have to have the company policies in place and they have to be clearly defined and understood by the employees,” he said.

“If the IT technology is there then why not use it? Ultimately employees are responsible for their own actions.”

Jeff Whitney, vice president of global marketing at Ipswitch File Transfer, said that it was interesting to see the numbers on breaches; following an SC Magazine and Ipswitch survey of information security professionals found that 99 per cent of respondents said it was ‘important' that their organisation offered secure file sharing.

Whitney said that there was plenty of ‘blame and pain' going on across the board, and accountability is a challenge.

“They'll say ‘everyone does the same thing, so how can you hold me accountable when it is an unauthorised company approach'," he said.

“IT of course gets held accountable, and they have to talk to the managing director about why this happened, and the managing director has to go to the board and has to explain that, so it is a very uncomfortable situation that overall people want to avoid for so many different reasons.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews