Lessons must be learned and fast, says SafeBoot
Its been a difficult few weeks for the public sector. After 25 million records disappeared thanks to an error by HM Revenue & Customs (HMRC), the Driver and Vehicle Licensing Agency (DVLA) in Northern Ireland has lost over 7,000 driver records in a standard data exchange with the DVLA in Swansea. As with the HMRC incident, the data was transported using un-encrypted CDs and the postal service.
A recent study by mobile device encryption specialist, SafeBoot, discovered that 88 per cent of public sector bodies have security policies in place (i.e. to protect sensitive public data), but four out five public sector workers ignore these. Tom de Jongh, product manager at SafeBoot, believes that enough is enough and the public sector has to make immediate changes to prevent further embarrassments and to win back public trust.
In the wake of the HMRC debacle, the Government ordered an urgent review of public sector data security and in particular the transport of data. However, less than a month later the same mistake has happened. It does not take a genius to work out that transporting sensitive data via un-encrypted CDs and standard post is a huge security risk.
Encryption is the obvious way to mitigate these risks. Organisations can transparently deploy technologies to ensure that data is always encrypted and that end-point security is maintained. Our study found that the majority of public sector workers ignore security policies, so one should take this into consideration and make it mandatory that information is secured. This same mistake should not happen again!