[BreachExchange] The hidden liability: How to keep your business data safe
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Aug 17 20:28:37 EDT 2016
http://www.itproportal.com/2016/08/17/the-hidden-liability-how-to-keep-your-
business-data-safe/
Data stored on business systems is both an asset and a liability. Like any
asset, your data is worth guarding, and like any liability, it’s worth
mitigating. Personal identification numbers, customer payment information,
contact lists, product/service roadmaps, and intellectual property are just
some of the types of confidential data that’s stored on almost every
business computer and server.
According to data obtained by Crucial via a Freedom of Information request,
3,533 laptops have been lost in five years on the Transport for London
network. There has been a 79 per cent increase in the number of laptops
lost on the tube since 2010, with 885 lost in 2014/15 compared to 494 in
2010/11. An additional 801 have gone missing in the last three years at
eleven Network Rail operated stations across the UK.
But this only paints a small part of the picture. If you then think about
the number of laptops that might have been lost on buses, at airports, car
break-ins, theft, burglary and unreported losses, the number of unprotected
laptops really starts to add up. It really starts to demonstrate how
vulnerable our data really is, and how easily it can get into the wrong
hands.
These figures emphasise the vulnerability of data – commuters and employees
risk misplacing confidential, personal or company data, which could get
into the wrong hands, demonstrating that accidental data loss can happen to
anyone at any time.
All data is vulnerable in the event of accidental loss, which can become
high-value target for hackers and data thieves. It is essential that you
take steps to keep your data safe, in the event that it gets into the wrong
hands.
The best way to protect data stored on computers is to encrypt it at the
hardware level using self-encrypting solid state drives (SSDs). This
critical data security step is often overlooked; as new systems tend to
come with low-grade preinstalled hard drives which often lack encryption
technology. In the event that a pre-installed hard drive has encryption,
it’s typically software-based, which is one of the weakest forms of
encryption. Software-based encryption slows down system performance and
productivity, whilst also putting data at risk of being compromised because
the software protocol relies on the operating system and remains vulnerable
to rootkit attack.
In contrast, self-encrypting SSDs use top-level AES 256-bit encryption
technology that’s built into the storage drive to encrypt every file and
piece of data at the hardware level. This is the same method of encryption
used by hospitals and banks, and helps organisations enhance security and
minimise liability.
If your business does become the victim of a breach or data loss, then the
repercussions can be severe. Under the Data Protection Act, businesses can
receive a substantial fine from the Information Commissioner’s Office (ICO)
for losing customer data. The international standard for information
security management, ISO 27001, gives businesses guidelines on how to best
comply with data protection laws, which are set to get much tougher.
It’s unclear how the ramifications of Brexit will affect this, but from 25
May 2018, the EU General Data Protection Regulation (GDPR) will become
enforced. This in theory will allow the ICO to levy penalties which could
reach the upper limit of €20m or 4 per cent of global turnover, whichever
is higher. Soon the threat of insolvency or closure of a business due to
data breaches will become very real, if information security is not
strictly enforced.
Data loss will also have a significant impact on your reputation and public
perception, with trust in your brand eroded. The TalkTalk hack is a good
example of what can go wrong following a breach, with a total cost of the
breach coming to around £80m as well as the loss of more than 100,000
customers.
Businesses rely on confidential data, which includes customer payment
information, personal records, or internal product roadmaps. Using
self-encrypting SSDs to lock up your data helps protect the integrity and
confidentiality of your data, and as an added benefit, can improve business
productivity by eliminating the use of slower mechanical hard drives.
Testing shows that SSDs are six times faster than traditional hard drives,
meaning your business can work faster and improve productivity, whilst also
strengthening data security.
Enhancing data security requires taking extra precautions, but it doesn’t
have to be difficult or expensive. What’s really expensive is losing data
that your business has a legal obligation to protect.
Safeguard your data by swapping out vulnerable preinstalled hard drives,
and start encrypting your data at the highest level and improving system
speed and performance. Your data is an asset and a liability. Guard it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160817/db4cf918/attachment.html>
More information about the BreachExchange
mailing list