Following the news that the ICO has fined insurance firm RSA £150,000 for the theft of a hard drive containing data for 60,000 customers, Dr Bernard Parsons of data protection specialist Becrypt offered the comment below.
Dr Bernard Parsons, Co-founder and CEO of Becrypt:
“Organisations are often so focused on the threat of online cyber attacks that they are increasingly overlooking the physical security of their technology and infrastructure. The £150,000 fine handed down to RSA by the Information Commissioner’s Office for the theft of a hard drive containing unencrypted data for almost 60,000 customers should serve as a warning on how dangerous this can be.
We find data at rest – information stored in removable hard drives and portable devices such as laptops and tablets – is frequently the weak link in an organisation’s security, leaving them extremely vulnerable to a serious breach in the event of a device being stolen or lost. Alongside the threat of malicious insiders stealing portable storage devices, we have also seen cases of burglaries targeting technology in recent months.
RSA should be commended on their use of passwords and building security to protect the data – as well as having systems in place to identify the information stolen, as many organisations still lack an effective central management system. However, this will not be of much comfort to the almost 60,000 customers dealing with the stress of their confidential information potentially falling into the hands of criminals.
These kinds of data loss incidents can be prevented if all potentially sensitive and valuable information stored on portable storage devices is encrypted against unauthorised access by default. This means that, even if the worst happens and a device is stolen by an insider, the organisation can be confident that the data it contains will be safe from abuse.”