Despite the lessons of lost data firms still running risks


Despite the lessons of lost data firms still running risks

Simon Quicke

The prospect oif a data leak on the scale of the HMRC one that lost discs containing millions of personal user's data continue to be a daily reality as the lessons of that event appear to be ignored by some businesses.

In the best part of three years since the discs were lost there have been numerous other incidents of data getting mislaid, lost or left in the back of cabs. But where the HMRC discs disappeared into a black hole was in the post and according to a Cyber-Ark survey posting data remains a habit for some firms.

In a survey the security vendor found that 19% of companies are still using couriers to send large or sensitive files. There have been some improvements but the continuing transfer of physical data files goes against one of the main points made in the Poynter Report which came out following the HMRC problems.

Mark Fulbrook, UK director for Cyber-Ark, said that even when companies used alternatives such as FTP or other web based transfers there were security concerns.

"More alarmingly is those organisations that are using a web based offering - they may just as well stand on a street corner and give away their information as these services just weren't designed with sensitive corporate data in mind," he said.

The threat of half a million pound fines from the Information Commissioners Office and public notification of leaks does appear to be having an impact.

"It is well documented that the ICO has been arguing for prison sentences for those who 'con' information out of companies and sell on data. That's on top of the £500K fines they can now impose," added Fulbrook.

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.