Tuesday, September 2, 2008

What Can Be Done to Better Protect USB Memory Sticks Following the UK Prisoner Details Data Loss Blunder?

Recently the UK government was forced to admit that files containing details of every UK prisoner have been lost in a new data blunder. A contractor working for the Home Office mislaid a memory stick with the information as it was being moved between computers. The files contain the names addresses and dates of birth of 33,000 prolific offenders who have committed at least six serious crimes in the last year.

For many organizations USB memory sticks and data loss are a public humiliation incident in the waiting, since the majority of companies do not exercise proper care and control over such devices. And this latest incident, one of many thousands, will be sure to focus the attention of the media on this growing problem.

To put sensitive data unencrypted onto a memory stick is regarded by the UK’s Information Commissioner as negligence. It could also be argued that for an organization to fail to address this problem by failing to make available encryption for memory sticks and controlling their use with corporate systems could also be a breach of duty. Spectacular fines have been inflicted on companies for data loss in the past, such as Nationwide, which suffered the theft of an unencrypted laptop from an employee’s home, and lost not only the data, but £1 million in a subsequent fine.

Various simple encryption options are available for memory sticks, including Steganos (for a fee) and TrueCrypt (free). For details click on the links or search on Google. If you need help in setting up an encrypted drive on a USB datastick using TrueCrypt email David.