Tuesday, March 3, 2009

2009 Security threat report: Data leakage

Unsafe data

Data leakage filled the headlines in 2008 as corporations and government proved themselves to be lax in protecting their confidential data [44].

Organizations of all sizes are finding that today’s mobile and collaborative workforce needs access to information inside and outside the office, along with the ability to share data with co-workers and partners.

Users are routinely using and sharing data without giving thought to confidentiality and regulatory requirements. Almost 30 percent of them store contract and financial data, customer information, sales targets, contact details and personal account data on removable media [45]. This has led to numerous incidents of data loss, most of them accidental rather than malicious.

Used hardware

A number of incidents were reported of confidential data ending up in the public domain after old computer hardware, which had not been securely erased, was sold on auction sites like eBay [46].

This has led some observers to suggest that there is a higher demand (and thus a higher price offered) for used hard drives on eBay than for brand new ones. This is unsurprising, considering the amount of confidential information that is potentially recoverable [47].
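The point above, that a drive which was merely deleted rather than securely erased still gives up its contents to anyone reading the raw device, can be shown on a scratch file. The script below is an added example, not something from the Sophos report: it builds a small constructed "disk image" in which block 0 plays the role of a directory entry and the record itself sits at a fixed offset, then shows that deleting the entry leaves the record recoverable while overwriting the blocks does not. The marker string and the layout are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not taken from the Sophos report: a tiny scratch "disk image"
# that models why a drive which was only deleted, not securely erased, still
# yields its contents to anyone who reads the raw device.
set -e

# Constructed marker standing in for a confidential record on the drive.
MARKER='CONFIDENTIAL-CONTRACT-2008'

# Build a 64 KiB zero-filled image: block 0 holds a toy directory entry,
# and the file's bytes sit at offset 8192, as data blocks do on a real
# partition. Prints the image path.
make_image() {
    img=$(mktemp)
    dd if=/dev/zero of="$img" bs=1024 count=64 2>/dev/null
    printf 'contract.doc offset=8192 len=%s' "${#MARKER}" \
        | dd of="$img" bs=1 seek=0 conv=notrunc 2>/dev/null
    printf '%s' "$MARKER" \
        | dd of="$img" bs=1 seek=8192 conv=notrunc 2>/dev/null
    printf '%s\n' "$img"
}

# An ordinary delete: the file system clears the directory entry (block 0)
# and leaves the data blocks exactly as they were.
delete_entry() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# What a normal directory listing would show: "listed" or "unlisted".
# NUL padding is stripped so grep sees plain text.
listing() {
    if dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000' | grep -q 'contract.doc'; then
        echo listed
    else
        echo unlisted
    fi
}

# What a scan of the raw device finds, regardless of the directory:
# "recoverable" or "gone".
scan_image() {
    if tr -d '\000' < "$1" | grep -q "$MARKER"; then
        echo recoverable
    else
        echo gone
    fi
}

# Secure erase: overwrite every block of the image, as a wiping tool does
# to the whole device before it leaves the organization.
wipe_image() {
    dd if=/dev/zero of="$1" bs=1024 count=64 conv=notrunc 2>/dev/null
}

# Walk through the three states when run directly.
demo() {
    img=$(make_image)
    echo "fresh:   $(listing "$img"), $(scan_image "$img")"
    delete_entry "$img"
    echo "deleted: $(listing "$img"), $(scan_image "$img")"
    wipe_image "$img"
    echo "wiped:   $(listing "$img"), $(scan_image "$img")"
    rm -f "$img"
}

demo
```

The middle state is the one that matters for disposal policy: the listing is empty, so the machine looks clean to whoever is selling it, yet the raw scan still returns the record. Only the overwrite step changes the scan result, which is why "format and sell" is not equivalent to "wipe and sell".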

Encryption

The most important step in stopping data leakage is to encrypt sensitive information, laptops, removable storage devices and email. If data is encrypted with a password it cannot be deciphered or used unless the password is known. This means that even if all other security measures fail to prevent a hacker from accessing your most sensitive data, they will still be unable to read it, so the information itself is not compromised.
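The claim that password-encrypted data cannot be read without the password can be checked directly with the openssl command-line tool. The script below is an added example and is not code from the Sophos report; it assumes openssl is installed (version 1.1.1 or later, for the -pbkdf2 option) and uses a constructed customer record as the file to protect. It encrypts the file with a passphrase, confirms that the encrypted copy contains no readable trace of the record, and then shows that only the correct passphrase recovers it.

```shell
#!/bin/sh
# Added example, not taken from the Sophos report: password-based file
# encryption with the openssl command-line tool (assumed installed, OpenSSL
# 1.1.1 or later for -pbkdf2), showing that the encrypted copy carries no
# readable data and only the right passphrase brings it back.
set -e

# Encrypt $1 into $2 with passphrase $3. The passphrase reaches openssl via
# the environment rather than argv, so it does not show up in process lists.
encrypt_file() {
    PASSPHRASE="$3" openssl enc -aes-256-cbc -pbkdf2 -salt \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# Decrypt $1 into $2 with passphrase $3. A wrong passphrase derives a wrong
# key, so openssl reports "bad decrypt" (non-zero exit) or, rarely, emits
# garbage; callers therefore compare the output against what they expect.
decrypt_file() {
    PASSPHRASE="$3" openssl enc -d -aes-256-cbc -pbkdf2 \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# Report whether the constructed customer record is visible in $1 as plain
# text: "exposed" or "hidden". NUL bytes are stripped so grep sees text.
inspect_file() {
    if tr -d '\000' < "$1" | grep -q 'Account 12345678'; then
        echo exposed
    else
        echo hidden
    fi
}

# Attempt to decrypt $1 with passphrase $2 and compare the result against
# the original file $3: "recovered" or "unreadable".
try_password() {
    out=$(mktemp)
    if decrypt_file "$1" "$out" "$2" 2>/dev/null && cmp -s "$out" "$3"; then
        echo recovered
    else
        echo unreadable
    fi
    rm -f "$out"
}

# Walk through the scenario when run directly.
demo() {
    plain=$(mktemp)
    enc=$(mktemp)
    # Constructed sample record, standing in for customer data on a USB stick.
    printf 'Customer: Jane Doe, Account 12345678\n' > "$plain"
    encrypt_file "$plain" "$enc" 'correct horse battery staple'
    echo "plaintext file:   $(inspect_file "$plain")"
    echo "encrypted file:   $(inspect_file "$enc")"
    echo "right passphrase: $(try_password "$enc" 'correct horse battery staple' "$plain")"
    echo "wrong passphrase: $(try_password "$enc" 'guess' "$plain")"
    rm -f "$plain" "$enc"
}

demo
```

The salt and PBKDF2 step mean that the same passphrase produces a different key and ciphertext on each run, so two encrypted copies of the same record cannot be matched by eye either. For a lost USB stick the relevant property is the last line of the demo: whoever finds it gets the encrypted file, and without the passphrase that file is worth nothing.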

The second step is controlling how users treat information. You want to stop any risky behavior, such as transferring unencrypted information onto USB sticks. Organizations should extend their anti-malware infrastructure in order to:
  • Control the use of information.
  • Guarantee efficient operations.
  • Ensure that they meet regulatory requirements.
With the possibility of mounting job losses in 2009, organizations should also be careful to ensure that devices used by departing workers are properly encrypted or securely wiped. Furthermore, the potential risk of disgruntled employees leaving with data or undertaking competitive espionage must also be considered.

Data loss is big money

In August 2008 US authorities charged 11 men with being involved in a hack that stole more than 40 million credit and debit card numbers. The retailers affected included OfficeMax, Barnes & Noble, Boston Market, and TJX, which operates retail stores TJ Maxx (known as TK Maxx in the UK) and Marshall’s.

According to the Secret Service and Department of Justice, the “wardriving” gang (driving through an area in search of insecure wireless corporate networks to hack) installed malicious programs and then sold the stolen information to other criminals in the US and Eastern Europe. Tens of thousands of dollars were then illegally withdrawn from ATMs using forged credit cards.

In another incident, the British Home Office confirmed that a USB memory stick containing the unencrypted personal details of some 130,000 convicted criminals had gone missing. Information included names, addresses, dates of birth and, in some instances, prisoners’ release dates. The USB stick was being used by external contractor PA Consulting, which, as a result, lost a £1.5 million contract with the British government.

Sophos.com
