Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Couriers Still Being Used For Data Transfer Three Years After HMRC Data Loss

CyberArk Software : 04 June, 2010  (Technical Article)
Cyber-Ark discovers that another case of misplaced data disks is still a possibility with large numbers of companies ignoring the recommendations of the Poynter Report published after the high profile data loss from Her Majesty's Revenue and Customs
24 months since the publication of the Poynter Report which was commissioned after the HMRC breach, and almost three years since the original misplaced discs came to light, and a similar breach could occur again. In a survey released by Cyber-Ark, the global software provider for protecting critical information, applications and identities, has discovered that 19% of companies are still using couriers to send large or sensitive files, the insecure transfer method utilised originally by HMRC which left a disc containing child benefit information missing in London! The survey was carried out amongst 238 IT security professionals at Infosecurity Europe (London) in April.

The survey showed that some of the lessons had been heeded, with 82% of companies now having systems in place to allow them to transfer data. A further positive conversion is the decline in the use of email, from 35% in 2008 to just 16%, and a considerable increase in the adoption of secure email, up at 42%. However, it's not all good news as a worrying 67% have now adopted File Transfer Protocol (FTP) as their preferred method to transfer sensitive data with a risky 28% trusting web based services.

Mark Fullbrook, UK Director for Cyber-Ark, explains why this strategy isn't as secure as organisations may believe, "With FTP, and even encrypted FTP sessions, the problem arises after data has moved while it sits on the FTP or SFTP server in plain text. The nature of the beast means the service is directly connected to the internet leaving it open to violation, and as there is no audit trail, no record of who accessed the files. More alarmingly is those organisations that are using a web based offering - they may just as well stand on a street corner and give away their information as these services just weren't designed with sensitive corporate data in mind."

There are 10 security principles in the Poynter report, the 8th of which is that 'Transfers of digital data involving physical media should be phased out completely'. However, our research has shown that instead of this method decreasing it would appear to be increasing. Initially 4% of respondents questioned in 2008 used the postal system to transfer large files, however this year that figure has increased to 11% as companies struggle to find simple and reliable ways to transfer large files.

Fullbrook added, "Last month Deputy Commissioner at the ICO, David Smith, said that although breach notification is currently voluntary, if he has his way there is every prospect that it would become a legal requirement. Additionally, it is well documented that the ICO has been arguing for prison sentences for those who 'con' information out of companies and sell on data. That's on top of the £500K fines they can now impose. A secure, centralised platform for governing and managing business file-transfers, such as Cyber-Ark's Inter-Business Vault® not only enables organisations to comply with the principles of the Data Protection Act satisfying the ICO, but adoption of this technology can also save time and money."

From a compliance standpoint, centralising all file-transfers into a single secure, scalable governed file transfer platform enables organisations to comply with regulations such as PCI, SOX, HIPAA and Basel II by ensuring strong authentication, enforcing audit controls and providing tamper-proof audit logs.

Beyond guarding against breaches, automation enables companies, particularly those in highly-regulated sectors such as financial services and healthcare, to mitigate the business risk of sensitive data loss or exposure.

Fullbrook concluded, "It's not just about security, it's about the ability to ensure productivity and guarantee the integrity of business operations. Investing in the right technology and processes now will go a long way to getting ahead of the growing volume of data transfers while meeting the demand for providing a better, faster service at lower costs, securely."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo