Anti-terrorist police data found on USB stick

According to a report in a national newspaper over the weekend, the unencryted storage device contained more than 2000 pages of confidential information, including strategies on combating terror attacks.

In its report on the incident, the Sunday edition of the Daily Star said the stick was discovered by a 36-year-old businessman on the outside a police station in Stalybridge, Greater Manchester.

The stick was reportedly branded GMP POTU, standing for Greater Manchester Police Public Order Training Unit, and the paper says the files were produced by the National Police Improvement Agency on the subject of counter-terrorism and tactical deployment.

Newswire reports on the discovery quote police as saying they are investigating who the USB stick belongs to and the circumstances surrounding its loss.

Commenting on the news, Terry Greer-King, UK managing director with IT security vendor Check Point, said that the incident shows why data on USB drives must always be encrypted.

"Guidelines to staff, and security policies don't stop devices being lost or misplaced, and these simple accidents and human errors will turn into real problems if data isn't protected", he said.

"Companies should ensure all data copied to USB sticks and CDs is automatically encrypted, and the use of all non-authorised devices controlled. This ensures that users cannot turn off or work around the security", he added.

Over at secure storage vendor IronKey meanwhile, Colin Woodland, the firm's vice president, said: "The issue of employees’ losing data or being victims of theft will likely never change, which is why we’re working with a number of constabularies and police forces across UK and EMEA who are actively using IronKey to protects officers on the streets."

"Obviously this sort of data really should have been encrypted, however, we advise our customers, whose mobile workers regularly handle sensitive or valuable data that they go beyond just simple encryption and implement an auditable data protection record", he added.

According to Woodland, this way, if the police wanted to know if someone had attempted to access the device there questions can be easily answered.

"And in this case the ideal solution is a managed service, which would allow the IT department to manage the encrypted devices so they can track and ultimately destroy any data that is lost, even if it ended up in the hands of a terrorist group”, he explained.

What’s Hot on Infosecurity Magazine?