What are the often overlooked repercussions of data loss?
Data loss can have significant consequences for businesses of all sizes, depending on the type of information that is mislaid or stolen. From a financial standpoint, fines levied by the Information Commissioner’s Office (ICO) for data loss can be as much as £500,000 – a financial loss that could devastate many firms. In the recent survey of over 500 security professionals, we asked respondents whether they were familiar with the maximum fine that could be imposed on businesses and Government bodies for serious breaches of the Data Protection Act.
We found that 67% were aware of the significant financial implications. However, while this awareness is there, the very same survey found that half of these professionals are not adequately encrypting data while on the move, a fact that is deeply concerning for those of us working within the information security industry.
The potential adverse publicity and reputational damage that can be incurred as a result of data loss should also be a key concern for all organizations. This should be considered specifically by those responsible for the handling and security of critical data including IT Managers, CIOs, CISOs and Data Protection Managers. In the event of a widespread data breach, it will likely be those individuals responsible for data security whose jobs could be at risk should data loss occur.
Of course, if sensitive data is lost and ends up in the hands of a competitor then the implications could be hugely detrimental. Equally, lost financial data could lead to cloning with considerable negative consequences.
The final repercussion to consider is the damage that can occur to organizational operations should data be lost that is not stored elsewhere. For any firms that lose information that is not securely backed up in another location, this could be very detrimental and result in significant resource being allocated to retrieve and reproduce this information.
What practical steps can organizations do in order to make sure their data is secure even when on the move?
If there is a business need to take confidential business data with you on the move, it is essential to ensure that this information is secured by transporting it on a portable device that is both encrypted and not vulnerable to being hacked. Devices that are hardware-encrypted, rather than software-encrypted, are widely considered to be best practice for two key reasons: there is no software to install with hardware encryption and the process is significantly quicker.
Many software encryption devices can be technically challenging for users – and, of course, the more difficult and time-consuming you make the encryption process, the less likely users are to take the time to adequately secure data. As such, devices need to be practical, affordable, easy to use and should work across all operating systems. Most importantly, the solution needs to ensure that the encryption process cannot be by-passed.
I would also strongly advise against using a keyboard to authenticate an encrypted device, as doing so potentially makes you vulnerable to keyloggers, hackers and also Trojan malware that can register every keystroke. Best practice would dictate the use of a PIN-protected portable device with an integrated keypad in order to remove this vulnerability.