Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Preventable Data Loss At Rochdale Council

Cryptzone : 07 November, 2011  (Technical Article)
Cryptzone comments on the loss of resident data from an insecure USB flash drive at Rochdale City Council and how easily it could have been prevented
Preventable Data Loss At Rochdale Council
Commenting on revelations that Rochdale council has been censured by the ICO after losing an insecure USB stick that contained the personal details of 18,000 residents, Cryptzone says that the sad fact about the case is that it could so easily have been prevented.

According to Grant Taylor, VP of the IT threat mitigation specialist, controlling data on USB sticks can easily be achieved using a combination of encryption, backed up by enforced security policies to ensure data compliance.

“Using this belt-and-braces approach means you have policy enforcement software allied with a secure USB stick environment where data has to be moved using this type of hardware. You can also allow controlled access to the data on secure remote basis,” he said.

“Taking a centralised secure silo approach to data leak prevention is actually the preferable methodology, as it's perfectly possible to have multiple storage systems across different offices, where a large number of employees require access to a constantly updated file database. But whichever security methodology is used, the important thing to realise is that these systems are now easy-to-use and transparent as far as the end user is concerned,” he added.

The Cryptzone VP went on to say that the Rochdale council data loss is quite significant as it amounts to 8.7 per cent of the 206,000 population of the city, although with just over 10,000 employees, the council clearly has a large number of staff handling a lot of data on a daily basis.

This does not excuse the loss of an insecure USB stick however - or the fact that the data was outside the control of the council's security envelope - making the incident a double breach of the council's security rules, he explained.

What I find amazing is that the USB stick was used to store the financial accounts of the council, suggesting that residents' names and addresses, along with details of payments to and by the council, says Taylor.

“The only saving grace here is that details of the resident's bank accounts were not stored on the USB stick, as otherwise you would be handing a identity theft kit on an electronic plate to cybercriminals, which, at current rates, would be worth around £12,000 on the cybercriminal carder and allied data exchange forums,” he said.

“It saddens me to hear that the investigation by the ICO found that Rochdale council's data protection practices were insufficient and that it failed to make sure that memory sticks provided to staff were encrypted. The council also reportedly failed to provide employees with proper data protection training,” he added.

“This is all about manager and user education, so it's clear that we, as an IT security industry, need to redouble our efforts on the security education front.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo