Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

the manager was duly fired

While some might say the manager was made a scapegoat, others clearly hope such disciplinary action becomes more common. Either way, keep watch of those laptops, or risk your career.

Lesson Three: USB drives don't stay in pockets

Memory sticks are great: you can transfer data easily and quickly, stick it in your pocket, and then lose it all on a pub floor.

Back in May, the MoD did just that. A USB was discovered on the floor of a Newquay nightclub. The unencrypted stick contained data on military personnel, training exercises, and soldiers' accommodations.

Thankfully, whoever discovered the roving USB did the right thing, and rather than hand it over to terrorists, turned it in to responsible authorities: a tabloid newspaper.

And just this month, the government lost a memory stick in a pub car park; this time, it held passwords to Government Gateway, a massive online public sector portal.

So while USB drives might seem a cheap and cheerful data transfer tech, they can be costly. Just ask PA Consulting. That firm mislaid a memory stick containing the details of all 84,000 prisoners in England and Wales. For that, the Home Office ended its £1.5 million contract.

Lesson Four: Laptops are easy to steal

Laptops and portable hard drives are not only easy to carry around, but relatively pricey equipment. Unsurprisingly, if it's worth stealing and it isn't nailed down, it's going to get stolen.

So don't leave laptops near open windows, in unlocked car boots or anywhere a devious member of the public could spy it and snatch it. The MoD, the NHS and other government agencies can all attest to this, though they don't seem to be learning the lesson very quickly.

A Tooting-based hospital saw six laptops vanish in one incident this year, while two were stolen from a hospital in Brent.

Thieves nicked a laptop belonging to secretary of state for communities and local government Hazel Blears through a smashed window, while a MoD laptop holding details of 600,000 people was stolen from a car.

Laptops aren't the only theft-friendly devices. A few drives containing Royal Air Force personnel data went missing from a military base earlier this year.

And it's not just public sector organisations losing laptops. Associated Newspapers lost one computer containing bank account details.

Lesson Five: Encrypt everything

With all the roving USB drives, stolen laptops, discs lost in the post, isn't it time encryption became the norm?
