Update on the UK security breach: Sad lesson indeed here, but something to pay attention to if you are in the health care business and use devices to transport patient documents...not a good thing to do without encryption...and better done on a secured server..."The cost of data breaches can run into millions, but the cost of encryption is relatively low," ...and with a database you have AUDIT TRAILS. But the best is in the paragraph below..."it would cost extra"...perhaps someday there will be people in leadership roles that understand data, security and cost.
What is usually the case is someone at the helm who has very little IT knowledge and is making the call to save a few dimes, but look what the error created...anybody read the TJ Maxx story lately? The same goes on at businesses every day, IT departments shortchanged on their budgets and their superiors just simply don't have one clue...and we all suffer as these folks are usually the ones who hate change and resist technology, yet they are in those positions to deny and resist funding where money is clearly needed today...the wheel is broken and needs to be fixed...and it's at least good to see how high up the chain the poor decision went, based on emails in the system...the higher up it went with management, the worse it became without someone running a SQL query to delete the sensitive data as they felt this was too costly, so let's just put everyone at risk, right? Obviously the one making the decision not to "bother" and add additional processing time didn't have a clue as to the potential of breaching sensitive patient data on millions of files...only his nickels and dimes. BD
E-mails released by the U.K.'s National Audit Office have confirmed that officials at the U.K.'s tax agency, HM Revenue and Customs, did not want to remove sensitive information from child benefit data sent to the auditors because doing so would cost extra.
Security analysts criticized the HMRC's data notification policy, and said the lack of encryption, use of discs as opposed to electronic transfer, and poor information management contributed to the fiasco.
Joseph Hoban, vice president at GuardianEdge, said: "Securing two disks with only a password is not sufficient... To put an end to this catalogue of errors, the government needs to encrypt any removable devices like USBs or CDs that are to be transported - otherwise people should go to that data not the other way around. This way, if a removable device falls into the wrong hands - which it well might - it cannot be accessed and compromised."
Banks in the U.K. could end up spending upwards of $500 million to deal with the aftermath from the recent loss of computer disks containing bank account and other personal data belonging to about 25 million people, according to analyst firm Gartner Inc.