Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Serious procedural failings at Bord Gais

CyberArk Software : 23 June, 2009  (Technical Article)
Cyber-Ark comments on the laptop loss at Ireland's energy company and advises companies to use data vaulting rather than risking the storage of such sensitive information on mobile endpoints
The theft of a laptop containing the bank account details of around 75,000 customers of the Irish Gas Board highlights a serious security procedure failing, rather than an unfortunate incident, says Cyber- Ark, the digital vaulting specialist.

The fact that the data on the laptop - one of four stolen from the Bord Gais offices and adjacent buildings earlier this month - was not encrypted is a very serious issue says Mark Fulbrook, Cyber-Ark's UK and Ireland Director.

'That's bad enough, but best practices in IT security mean that the sensitive customer data shouldn't have been stored on a laptop in the first place - it should have been digitally vaulted or at the very least encrypted locally and accessible only on a need-to-use basis,' he said.

'And that need-to-use basis should only be available across the company's network, using authenticated and logged access procedures,' he said.

Whilst there is a case for allowing access to customer records remotely, the information should never include customer payment details, and certainly not their bank account information unless through a secure channel with full authentication, encryption and security measures in place such as digital vaulting, he explained.

'But to store customer bank account data unencrypted on a laptop goes against all known IT security procedures. It's a very serious procedural error,' he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo