Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

MI5 uses the tech as well which is handy, as it lost a portable computer through an open window in October.

And while the General Teaching Council failed to pay attention to the moral of the HMRC story don't put important things in the post its lost disc was helpfully encrypted, meaning the 11,423 affected teachers could sleep a little easier.

The majority of the other cases in the past year haven't involved encrypted media but why not? The tech is cheap and relatively easy to roll out. The point could become moot in the next few years, as the next version of Microsoft's Windows operating system is expected to have encryption built-in though does anyone want to wait that long or depend on Microsoft to keep us safe? Didn't think so.

Lesson Six: People are the weak linkNo matter what tech you use, or what policies you put in place, it all comes down to people and their skills do they know about data security and are they even capable of keeping things safe?

Indeed, speaking at a Gartner security summit, Martin Smith, chairman of the Security Awareness Special Interest Group (SASIG), said that no matter how shiny and cool and secure a firm's tech was, "the people screwed you in the end."

With that in mind, the government has announced all civil servants handing private data are to get security training a good first step, but it needs to be expanded. Is there any arm of the government which doesn't handle people's private data?

Lesson Seven: Hold less informationOne of the problems with the HMRC case was how much information was on the discs. After the breach, reports revealed that less information was actually requested by the intended recipient the National Audit Office but the tax body didn't have the time or money to strip fields out of the data base, so more information was sent than necessary.

And as the government looks to collect more and more data on its citizens, for projects like the national identity card scheme, this problem will only grow. This point was hammered home in a report from none other than the Home Affairs Committee, which said the government should keep watch on "function creep" and adopt a principle of what it called "data minimisation", collecting only essential information.

"What we are calling for is an overall principle of 'least data, for least time'," said committee chairman Keith Vaz at the time. "We have all seen over the past year extraordinary examples of how badly things can go wrong when data is mishandled, with potentially disastrous consequences."

The ICO has also repeatedly called for less information to be held, but the government doesn't seem to hear its own watchdog barking

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021
ICO publishes new data protection standards for the adtech industry
data protection

ICO publishes new data protection standards for the adtech industry

25 Nov 2021
Celebrity data leaked after ransomware attack on London's Graff jewellers
ransomware

Celebrity data leaked after ransomware attack on London's Graff jewellers

1 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022