Last week’s episode of the British satirical comedy, The Thick of It, showed how the concept of a major public-sector data loss has become so mainstream that it can be the subject of an entire programme.

The story was based around the accidental wiping of a large volume of citizen data within a Government department, with no backup available, and follows the frantic efforts of the department to stop the news leaking to the press. Read More »

Ask an IT security expert how they would define security, and they’ll often reply that it’s a state of mind.  Sometimes organisations will take all the right steps to secure their sensitive data, only to be let down by simple human error. 

Unfortunately, this was the case in a prison in England last week.  A visiting health worker lost a USB flash drive that contained medical information of more than 6,000 prisoners and ex-prisoners from Her Majesty’s Prison, Preston.  

The right approach to data security was taken, as the data being backed up onto the flash drive was encrypted.  However, the encryption password was written on a sticky note that was attached to the drive when it was lost.  

There’s a lesson there for every computer user.  Don’t write passwords down near devices that have encrypted data on them.  User education is a key part of any IT security strategy, so it’s important that everyone is aware of behaviour that’s potentially risky. 

And for IT departments, if you do deploy secure USB flash drives, make sure that they are capable of being centrally managed, with software that can terminate lost or stolen drives when the loss is reported, or after a given time interval.  This way, the drive and data is safe against unauthorised use in any event.