The 2010 landscape
The severe weather conditions at the start of 2010 forced many employees to work from home. Most accessed the corporate infrastructure using mobile devices, such as netbooks and BlackBerrys. According to a report in The Times, business groups warned that the January snowfall could cost the economy nearly £2 billion, but that would be just the tip of the iceberg if sensitive data were leaked during the big freeze.
Hostile conditions ahead
In January, the Information Commissioner's Office (ICO) revealed it was to be granted new powers, which have been approved by the Secretary of State for Justice and laid before Parliament. From the start of the new tax year (April 6), the ICO can order organisations to pay £500,000 as a penalty for serious breaches of the Data Protection Act - a framework of rights and duties designed to safeguard personal data.
Stem the tide
Mobile devices may be manna from heaven to workers seeking flexibility, but they have become a plague for the information security professionals trying to secure them. Small USB memory sticks, often without any security features, are easily available, and users can carry and transfer massive amounts of data on them. Worms and other malware that target iPhones are being discovered - one example is a worm that steals banking data and enlists the device in a botnet, although at the moment this is thought to be limited to the Dutch online bank ING. However, the major cause of data breaches is theft of mobile devices, especially laptops: tens of thousands are stolen every year, often containing sensitive data whose loss requires public disclosure as a data breach.
It is in the organisation's favour to embrace an employee's enthusiasm to spend their own time completing tasks at home - especially when snowed in, or even unwell in bed. The hard part is to do so securely. Someone who wants to transfer data out of the safe confines of the corporate environment will do so, with or without your blessing - they've got a tool for the job in their pocket and they're willing to use it. Organisations need to recognise this fact and counteract it. The first step is to educate the workforce on the risks this practice exposes the organisation to, and then to facilitate the process so that they can do so securely.
There's no such word as can't
Just as there is a multitude of devices designed to carry data, so there is assorted technology to secure it. The challenge is to pick one that balances the right level of protection for your data with ease of use for your employees - if it's inadequate, why waste your money; if it's too complicated, it will be circumvented. If the organisation provides the workforce with a tool to carry data in the first instance, employees have no reason to use their own inadequately protected devices, and the organisation can choose how the data is secured.
The ICO recommends that portable and mobile devices used to store and transmit personal information should be protected using approved encryption methods, which are designed to guard against the compromise of information. Its belief in this technology is so strong that it publicly states that enforcement action will be pursued where data breaches occur and encryption has not been used to protect the data.
For more information please visit www.originstorage.com