
Oops! We’ve lost your data!

on October 21, 2009

Over 100,000 former adult students in Virginia are being contacted by the education authorities after a USB stick with information including their names, social security numbers, and employment and demographic details was misplaced.

The data was not encrypted, the Washington Post reported this week.

The data was lost after a department employee handed over the USB stick to a Virginia Tech employee who required the information for federally mandated research. The USB stick was lost the following day.

According to the Post, the education department in Virginia said that measures to protect the data were in place – policies and secure systems – but added that no policy or system is immune from human error.

Human error alone, however, does not justify the fact that the data was misplaced or that it was allowed to be taken out of the building.

If data is confidential, there are more secure methods of transportation. For example, the data could have been sent via a secure web portal, eliminating the risk of loss during transit. Encrypting the data, especially on a drive, is a must and should be standard policy for every organization – small or large – that handles confidential data. There should also be clear policies that stipulate who can and cannot handle the data and who has access to it.

This story once again shows how important it is for organizations to look beyond technology measures where the security of their data is concerned. No one is immune to human error but planning and implementing user policies can go a long way to lower the risk. Organizations need to be able to track where their data is at all times and ensure that it cannot be compromised along the way. And security policies not only need to be watertight but enforced as well.

The loss of 103,000 student records is a serious breach of trust that could have been avoided with better policies in place. Of greater concern is the loss of credibility as a result of such incidents.

This case can be added to a huge list of data breaches. According to the Privacy Rights Clearinghouse, the total number of records containing sensitive personal information involved in security breaches in the US since January 2005 is 339,863,601.

About the Author:

David Kelleher is Director of Public Relations at GFI Software. With over 20 years’ experience in media and communications, he has written extensively for business and tech publications and is an editor and regular contributor to Talk Tech to Me.

 
Comments
Leandro Amore, November 20, 2009, 10:38 pm

I totally agree with you regarding the data encryption; today there is no excuse for leaving your data unencrypted, really. As a Microsoft user you have plenty of methods for protecting your data without a sweat.
For full drive encryption you can use BitLocker; this feature was introduced in Vista and enhanced in Windows 7. It allows the user to encrypt his full drive using AES.
For removable drives, you can use BitLocker To Go (Windows 7 only), which allows you to encrypt any removable disk and read it on any system by typing a password.
There are other solutions like hardware-encrypted USB keys or free software like TrueCrypt (http://www.truecrypt.org/). This free software allows full volume encryption and some other features for free.
So with all these offerings I really don’t see the point of risking your data by leaving it in the open.
Cheers

Leandro