Police and prosecutors in the UK are losing sensitive evidence because it is still being shared on computer discs. The HM Crown Prosecution Service Inspectorate and HM Inspectorate of Constabulary said there was a ‘widespread issue’ misplacing discs containing sensitive evidence and information. Here to comment on this news are security experts from Ipswitch and QA.
Michael Hack, SVP of EMEA operations, Ipswitch:
“The way that files are shared and moved is absolutely key in securing the data in transit. A disc with data on it key is as easy to lose as a purse or a set of keys. An unencrypted disc with personal and sensitive witness data on it is more than careless, it is negligent.
“Under new proposed EU data protection law (GDPR) fines for this kind of breach are set to increase drastically for private sector organisations to up to 4% of global turnover. However, it’s currently unclear how public sector organisations like the CPS will be affected. The draft bill says that national governments will have the freedom to decide whether fines can be issued to public bodies in their country should those bodies breach the GDPR.
“Public and private sector organisations can’t take chances when it comes to IT security and must make sure critical information is kept safe. By automating, managing and controlling all file transfers from a central point of control, employees are able to easily send and share files using IT approved methods. The IT department also gains complete control over activity. It’s no longer good enough just to have the right policies in place for secure data transfer, an organisation must ensure it has the right file transfer technologies, security systems, processes, and most importantly, staff training.”
Richard Beck, Head of Cyber Security at QA:
“According to the latest QA cyber security survey, human error is the second largest concern (19%) for IT decision makers this year, with ‘compromise through employees’ and ‘employee negligence’ both featuring in the top five threats.
“Organisations can try and limit the impact by increasing staff awareness of cyber threats. With a fifth of those surveyed acknowledging that the biggest threat to security next year is likely to be human error, educating staff on how to detect and deter common threats like social engineering or phishing attacks could prove invaluable in helping defend an organisation.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.