Tag Archives: Mr Pettersson

NHS admits further data loss via unencrypted USB storage device

A new data loss scandal originating from within one of the organisations governed by the NHS has come to light, once more involving the misplacement and subsequent discovery of a portable USB memory stick which was entirely exposed due to a lack of encryption.

Members of the Forth Valley NHS board are being investigated by the Information Commissioner’s Office (ICO), after the media was made aware of the loss. It emerged that an employee had transferred data from NHS systems over to the device, which were personal items, before parting ways with them due to loss or theft.

The board’s chief executive Fiona Mackenzie has committed to a formal undertaking authored by the ICO, that will ensure the future eradication of any unofficial data storage devices from use within the organisation, with staff only being allowed to transfer data on sanctioned, centrally controlled devices.

The board will not be taking a passive stance, but will rather increase security and block any personal memory devices from gaining access to systems.

The ICO’s Scottish representative, Ken Macdonald, reiterated previous statements made by colleagues by saying that, hopefully, this incident will make it clear to other organisations within the NHS that inadequate appreciation of data loss prevention policy amongst staff members, would lead to the leaking of confidential patient information – unless measures are taken.

Mr Macdonald said that he hoped the increasing emphasis on staff responsibility for the use of portable storage would not subsequently allow the heads of such organisations to deny their own part in protecting data when future incidents inevitably arise.

Security expert, Ander Pettersson, said that the portability and convenience of used USB storage devices was difficult to ignore and many businesses rely on mobile technology to increase productivity and flexibility. He recognises the potential for loss or theft posed by these devices and suggests that the NHS will need to invest in a secure USB system, that will retain the integrity of private data.

Mr Pettersson said that while organisations like the NHS have a responsibility for protecting the data of customers, the ICO would also have to use its own powers to police such organisations and impose penalties to prevent future debacles.

Most fail to encrypt USB memory sticks, survey finds

A new study has discovered that the majority of those working with USB sticks in order to transfer and store data do not properly secure these portable devices using encryption.

The study was not carried out over a general, mixed discipline selection of employees, but rather it focused specifically on IT security professionals, which makes the findings all the more troubling according to some.

Credant Technologies polled 277 professionals and discovered that 89 per cent of respondents did not regularly employ measures as simple as basic password protection when using USB sticks.

Respondents said that in 67 per cent of cases they were transporting business secrets relating to intellectual property on unsecured USB drives, with customer data being inadequately protected in 40 per cent of cases and personal information relating to employees making up the smallest proportion, with just 26 per cent transporting it on USB sticks.

A total of 52 per cent said that there was no form of encryption on the USB sticks used regularly by themselves and their co-workers, suggesting that there is still a great deal of complacency in relation to data loss, even amongst those professionals who are specifically tasked with managing this sensitive area.

Credant Technologies’ Sean Glynn believes that there needs to be greater awareness as to the risks associated with unencrypted portable storage devices, particularly since it is relatively inexpensive to ensure that data is properly protected when transported in portable form.

USB data security expert Anders Pettersson said that it would be relatively easy to convince IT professionals to adopt a more secure approach to data storage, but that getting the message across to those who are less technically proficient in different departments of a business could be where the real challenge lies.

Mr Pettersson believes that some IT security professionals are concerned about the potential backlash they could face if they alter current policy and create a safer working environment with widespread USB encryption, or even alternative methods of data transfer. However, he also indicated that there was a general move towards improved security measures and total encryption which is positive for the future.

Survey shows that businesses do not appreciate data loss penalties

A report into the way in which businesses calculate the financial damage that will be caused by serious data loss or theft has found that most are inaccurately predicting the ultimate cost of serious security breaches.

Around 42 per cent of employees working in the City of London said that they thought the fines applicable in the event of an average data loss scandal would amount to under ten thousand pounds.

The study was authored by BlockMaster to coincide with the introduction of new Information Commissioner’s Office (ICO) powers which will see the ICO out fines of up to half a million pounds. The new powers came into effect at the beginning of the month.

18 per cent of respondents went on to reveal that they had personally lost a portable storage device for which they were responsible at some point in between 2007 and 2010.

61 per cent said that losing devices such as mobile phones or laptops was only of concern because replacing them could prove to be expensive. This is said to show that the data contained within the devices is held in scant regard by those who use them, perhaps leading to the complacent treatment and resultant loss of many thousands of devices over the years.

BlockMaster’s Anders Pettersson said that he was not surprised by the results of the study, particularly in relation to the fact that most people were still unfamiliar with the new ICO powers to impose far higher fines than before.

Mr Pettersson said that the most alarming fact revealed by the survey was that the only incentive for employees to protect portable storage devices came from the perceived cost of replacing the device itself, and not because of the fines and reputational damage that could be caused if the contained data proved to be sensitive.

Many data protection experts are calling for businesses to make employees aware that the data to which they have access is inherently valuable to the organisation as a whole, and should be treated with respect.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal