Organizations have to undertake a serious review of the way they handle data or the level of security of their information network. Freehold Community School in Oldham was said to have broken data laws after a laptop was stolen from a teacher's car together with an unencrypted device containing personal information on 90 pupils. A school's ignorance of the need to encrypt mobile and portable devices has led to a breach of the Data Protection Act.
"The fact that the school was unaware of the need to encrypt the information stored on their laptop shows that many organizations continue to process personal information without having the most basic of security measures in place," said Sally-Anne Poole, the ICO's acting head of enforcement. Poole said she was pleased the school had now taken steps to better protect pupils' information. Head teacher Joyce Willetts signed an undertaking to ensure laptops and other portable and mobile devices would be encrypted using appropriate software.
The Information Commissioner's Office (ICO) has found Virgin Media in breach of the Data Protection Act following the loss of an unencrypted CD containing the personal details of over 3,000 customers. The breach seems to have occurred following the loss of a compact disc that was passed to Virgin Media by Carphone Warehouse. The disc contained personal details of various individuals' interest in opening a Virgin Media Account in a Carphone Warehouse store.
Virgin Media was required, with immediate effect, to encrypt all portable or mobile devices that store and transmit personal information. Further, the company is to ensure that any service provider processing personal information on its behalf must also use encryption software and this requirement has to be clearly stated in all contracts.
Over the past years laptops (Marks & Spencer), DVDs (HM Revenue and Customs), and memory sticks (PA Consulting) have all gone astray, with the potential loss of thousands of records.
The European study complemented the earlier Ponemon Institute's December study which surveyed 329 organizations in the United States about laptop loss. Respondents lost more than 86,000 laptops over the course of a year, according to "The Billion Dollar Lost Laptop Study." The report valued the total cost at $2.1 billion at the time. When the resulting losses from the European study are combined with the US study, the total damages ballooned to $3.9 billion across almost 160,000 lost laptops in the space of one year.
Only 34 percent of lost laptops were encrypted, 26 percent were backed up regularly, and seven percent had other anti-theft features enabled, according to the European report. There were other similar trends in the European and US studies. Both reports found that roughly 30 percent of the lost laptops contained confidential data that was not encrypted. Organizations have to pay more attention on data policies, and have a proficiently skilled IT security workforce in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs.
EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals. CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics, Advanced Application Security, Advanced Network Defense, and Cryptography, among others. These highly sought after and lab intensive information security training courses will be offered at all EC-Council hosted conferences and events, and through specially selected authorized training centers.