RSS feedsUnless you have been on Mars for the past six months, you will not have missed the high-profile data breaches suffered by both Government and private sector organisations. But why have these breaches been happening?
The proliferation of portable storage devices such as laptops, USB sticks and ‘lifestyle’ products such as MP3 players, alongside unmanaged PC connectivity has created a recipe for disaster. It really is too easy to accidentally leave a laptop in the back of a taxi - or, indeed, lose a CD in the post.
Whatever policies are in place governing the treatment of sensitive data, the fact remains that humans will make mistakes. Organisations need to ensure that technological methods of protection are in place in order to minimise the risk to confidential information.
For example, encryption of all data transferred onto a portable device is a simple, quick and cost effective solution and yet it doesn’t seem to be happening as a matter of course. The reasons for this seem to be two-fold:
First, people don’t yet understand the risk associated with customer data and therefore don’t take the necessary precautions. Second, most organisations deploy standalone encryption solutions, which can be troublesome to decrypt by partners outside the organisation, and this perceived hassle can put people off bothering to encrypt at all.
Ultimately, responsibility for the security of sensitive information has to rest at the top. It may be difficult to convince the board of the importance of data security but the financial and reputational impact of losing data can be catastrophic.
How would your business cope if your closest competitor suddenly had a copy of the prototype for your hottest product? Plus of course, the indirect costs, such as legal fees, compensation etc. And this doesn’t take into consideration the damage to a company’s reputation and consumer confidence following a high-profile breach, which could cost millions and be unrectifiable.
While it is undoubtedly crucial that organisations have procedures and technologies in place to prevent a breach and protect the data, underlying behaviours and attitudes also need to change.
Consumers place huge amounts of faith in organisations to keep their information safe. These organisations must demonstrate they take this responsibility seriously and are doing their utmost to keep personal data secure. Is it time for the Government to pass a full disclosure bill whereby all data breaches have to be made public and the appropriate disciplinary proceedings taken?
Matt Fisher is vice president of marketing at Centennial Software
