Coping with A Major Security Breach? What’s your Contingency Plan?
by Martin Allen - MD of Pointsec Mobile Technologies - Friday, 10 February 2006.
An effective encryption policy, therefore, needs to encompass every device onto which employees might wish to copy files. It also needs to be transparent to users, so that it can be centrally controlled without any user action being required. And it should be impossible to disable, except by authorised administrators. Ideally it should also have the selective ability to block files from being copied to external devices at all, or if the target device doesn’t support the same level of encryption as that which protects the source data.

Your choice of crypto algorithm is also vital. Choose a proprietary encryption system and, if anyone discovers the secret mathematical formula behind it, all of the files that you have every encrypted instantly become public knowledge. Therefore, use a known international standard such as the Advanced Encryption System, or AES, with a key length of at least 256 bits.

What action should be taken?

A management walk-through is a great way to assess the impact of a security breach. Simply sit a group of technical and non-technical managers around a table and discuss a series of “what-if?” scenarios. Such an exercise invariably highlights critical weaknesses in existing strategies which can then be corrected before it’s too late.

For example, walk through the following scenario. A director of your company attended a conference last week, during which his briefcase was snatched from the back seat of his car. The case contained a laptop computer which held a list of the top 10,000 accounts by revenue. The information was not encrypted. This happened on Friday afternoon but it’s now Monday morning and the loss has only just been reported.

Among the topics that you will need to discuss are:

1. How will you ensure that those 10,000 affected companies are discreetly informed about the breach as soon as possible?

2. Who will brief the regulatory authorities and your company’s legal team?

3. What will you tell journalists from the national press and broadcast media, once they get hold of the story and want to hear your version of events?

4. Who is officially responsible for the security of your company’s information, and what will he or she be doing to prevent such an event happening again?

5. Who could make use of the stolen information, and how? Can you put systems in place to help detect instances of this taking place?

6. What action will the marketing department take to help regain the trust of new customers who have decided to take their accounts elsewhere?

7. Which laws and regulations has the organisation broken, and in which countries? For example, the UK’s Data Protection Act requires companies to make care of customers’ personal information.


The trust of one’s customers and investors is among the greatest assets that your organisation owns. Lose it, and you’re well on your way to being out of business. But failing to protect key information and data, or to introduce unnecessary delays in making losses public, could make such a situation a reality. Which is why full disc encryption should be mandatory to all organisations no matter what size!


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th