Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

MI5 uses the tech as well which is handy, as it lost a portable computer through an open window in October.

And while the General Teaching Council failed to pay attention to the moral of the HMRC story don't put important things in the post its lost disc was helpfully encrypted, meaning the 11,423 affected teachers could sleep a little easier.

The majority of the other cases in the past year haven't involved encrypted media but why not? The tech is cheap and relatively easy to roll out. The point could become moot in the next few years, as the next version of Microsoft's Windows operating system is expected to have encryption built-in though does anyone want to wait that long or depend on Microsoft to keep us safe? Didn't think so.

Lesson Six: People are the weak linkNo matter what tech you use, or what policies you put in place, it all comes down to people and their skills do they know about data security and are they even capable of keeping things safe?

Indeed, speaking at a Gartner security summit, Martin Smith, chairman of the Security Awareness Special Interest Group (SASIG), said that no matter how shiny and cool and secure a firm's tech was, "the people screwed you in the end."

With that in mind, the government has announced all civil servants handing private data are to get security training a good first step, but it needs to be expanded. Is there any arm of the government which doesn't handle people's private data?

Lesson Seven: Hold less informationOne of the problems with the HMRC case was how much information was on the discs. After the breach, reports revealed that less information was actually requested by the intended recipient the National Audit Office but the tax body didn't have the time or money to strip fields out of the data base, so more information was sent than necessary.

And as the government looks to collect more and more data on its citizens, for projects like the national identity card scheme, this problem will only grow. This point was hammered home in a report from none other than the Home Affairs Committee, which said the government should keep watch on "function creep" and adopt a principle of what it called "data minimisation", collecting only essential information.

"What we are calling for is an overall principle of 'least data, for least time'," said committee chairman Keith Vaz at the time. "We have all seen over the past year extraordinary examples of how badly things can go wrong when data is mishandled, with potentially disastrous consequences."

The ICO has also repeatedly called for less information to be held, but the government doesn't seem to hear its own watchdog barking

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021