RSS Alerts

Related Links

Related Stories

  • Encrypted MoD laptop stolen – along with encryption key
    The UK Ministry of Defence says one of its encrypted laptops was stolen from its headquarters in Whitehall, central London in November – along with the laptop’s encryption key.
  • Stolen NHS laptops recovered – no data breach thanks to remote wiping
    Four stolen laptops belonging to Lancashire Care NHS Foundation Trust, which provides mental health services, have been traced and recovered. According to the NHS Trust, no confidential data was compromised due to remote wiping.
  • Wigan council lost personal data on children and teenagers
    Wigan Council has been been forced to sign an undertaking with the Information Commissioner's Office (ICO) following the theft of a laptop, which resulted into the personal data on around 43 000 children and teenagers being potentially open to abuse.
  • Thirty-two MoD PCs went walkabout in first 131 days of 2009
    Statistics from the UK's Ministry of Defence show that a total of 28 laptops and four desktop PCs have been lost or stolen in the period of January 1 to May 11 this year.
  • Keeping sensitive information secure when staff is leaving
    Career loyalty is an endangered creature. Unlike our predecessors, today’s workforce is unlikely to stay committed to a job for five years, let alone their entire lives. But with such a fluid stream of employees keeping human resources busy, and countless eyes being cast over company data, Rob Stringer investigates how sensitive information can stay faithful to its organisation, even if its staff don’t...

News

Council multiple laptop theft highlights security problems

04 February 2010

The saga of St Albans' council and four stolen laptops – containing the details of more than 14 000 postal voters – is coming to an end, but the security consultants that carried out the investigation say there are still security policy lapses at the council's offices.

In the aftermath of the laptops being stolen last year, security procedures - including the blanket use of encryption on all laptops and USB sticks - were imposed, but the report from the consultants does not appear to paint a pretty picture.

Although details of the security report are not being made public, the local Hertfordshire press has gleaned enough to generate a few news reports on the subject.

The Herts Advertiser says that the report highlighted a number of lapses in security

"Although the interim report found procedures had been significantly improved since the theft, including physical locking of hardware to desks and the encryption of laptops and memory sticks, a number of exposures' were still found such as staff sharing passwords", said the newspaper.

The paper added that the report "also identified several failures and disappointments, including the laptop theft, since Northgate (a contractor) was employed in 2008 at a cost of about £2.5 million over seven years.

"Recommendations in the final report included an updated ICT strategy, audit files for all log-ins and access to databases, and steps to ensure the trustworthiness of council and Northgate staff with access to the council's hardware, software and data assets", noted the paper.

According to Andy Cordial, managing director with Origin Storage, the theft of the laptops caused an uproar and, although staff are physically locking hardware to their desks, and portable device data is being encrypted, employees are still taking a poor approach to security generally.

Cordial, whose storage management firm supplies portable data security systems with multiple layers of defence to clients, says that using encryption is only part of the equation when it comes to protecting data.

A Quocirca report issued last July, he said, advised companies take better control of their critical information and use all possible methods to prevent information falling into the wrong hands should a device be lost or stolen.

The report, he added, concluded that there are significant productivity gains to be generated through the ease of good administration and management when it comes to protecting data in transit.

"Multi-layered data systems are now the best option for organisations wanting an easy to use portable data security system", he said.

"When added to other security procedures such as positive staff vetting for employees handling private data, the multi-layered defence strategy starts to make sense - especially if how the security layers work are easy to  understand, as well as use, for the employees concerned", he added.

 

This article is featured in:
Data Loss Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water