Open For Blackmail After Data Loss

Things just seem to go from bad to worse for the U.K. Ministry of Defense (MoD) when it comes to how they handle their data. For the past couple of years they have had hundreds of laptops go missing, scores of USB sticks lost and even external hard drives vanish from highly secure facilities.

One piece of news that has caught my eye this week was about a data loss incident that occurred at RAF Innsworth in September 2008. It was first reported that three USB hard drives had been stolen and contained the details of 50,000 soldiers. The details included personal appraisals of serving soldiers and veterans including their names, service numbers, addresses and dates of birth.

An internal MoD memo that was recently obtained under the U.K.’s Freedom of Information legislation stated:

“This information included details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties”.

UK media are now having a field day with this new revelation, reporting that people are now wide open to blackmail, leaving the Ministry of Defense even more red-faced. The MoD had already stopped investigating the theft and the hard drives haven’t been found since.

So what can a business learn from the data loss at RAF Innsworth?

Believe it or not, we can learn a lot from the incident at RAF Innsworth, as they failed to perform the most basic of steps in securing their data.

Site security – RAF Innsworth was a secure facility with armed guards, so I’d only assume the theft was internal. If this was the case, then it’s likely the USB drives were not securely attached to anything or locked away with restricted access. Internal theft is a highly common occurrence in many businesses, so user restrictions are essential.

Encryption – The hard drives and the sensitive data had not been encrypted, giving anyone who had the hard drives free access to all the files on the drives. There really is no excuse for this, as the technology is available, like our online data encryption service.

Confidential Data – If information is highly sensitive and confidential, using a USB hard drive for storage isn’t advisable. These drives are compact and can be easily moved about, making them easy pickings for a thief.

Some friendly tips

I personally don’t like mobile devices due to the fact they can be easily lost or stolen, and I would advise not using them where possible, which is easier said than done. If your business has no choice but to use USB devices, then have procedures in place that could prevent a serious data breach.

Here are some easy tips to start with:

  • Do not use USB drives for sensitive data when possible
  • Encrypt the data stored on USB devices
  • Restrict users from accessing USB devices
  • Secure USB drives by using chain locks
  • Store USB drives in a secure fireproof location

These 5 tips are very basic, yet many organisations and businesses are still failing to follow them.
