No short cuts on the wayto datasecurity

15 March 2010

Having learnt from the masters in the Civil Service, everyone now knows that the easiest way to lose sensitive data that should be kept under lock and key is to leave it on a train.

But the latest perpetrator of lax data security emailed customer data to the wrong recipient. This time it wasn’t a government department, it was one of the mortgage industry’s own.

The incident was featured in the trade press and you’ve probably read all about it so there’s no need for me to regurgitate the details here but one thing is clear - it was avoidable.

Rule one must be - don’t email customer information. If data has to be accessed externally ensure it’s only possible for third parties to gain entry via a secure network.

Restricted encryptions allow authorised users access to data from approved locations. This gives you a double-locked door to your customer data.

Although not so relevant in this case it’s also a good idea to keep a close eye on changes to your data.

Log all changes so historical data can be compared with current information. This allows discrepancies to be highlighted and investigated.

The latest data security failing may have only flouted one of my security rules but the offender has had to sign an agreement to password-protect sensitive reports before they’re emailed externally.

That’s not good enough - it’s the equivalent of trying to hold back Sebastien Chabal with a rubber band. In the present climate there can be no short cuts.