Sensitive information at risk after council loses unencrypted USB drive
February 23, 2011 | Uncategorized | CyberArk
by Josh Arrington
The Information Commissioner’s Office (ICO) has found Cambridgeshire County Council in breach of the Data Protection Act, after the council lost an unencrypted memory stick, contrary to policy, containing sensitive data relating to vulnerable adults.
What’s interesting, and in many ways particularly disappointing, in this story is that the council had only just undertaken an internal campaign promoting its encryption policy. The fact that so soon after this a member of staff was willing to completely ignore the policy really indicates just how far organisations still have to come in educating workers on the importance of information security.
On top of this, it’s fair to say that using USB drives for such important information at all should be out of date. Technology has sufficiently advanced that companies should be looking beyond such devices – which have proven far too often to be vulnerable in nature.
What organisations must look for is a secure file transfer solution that removes sensitive information from such devices and keeps them stored centrally and securely. This would go a long way to mitigating the risk of losing data when mobile devices inevitably do go missing.