Wednesday, January 14, 2009

Stupid Security

I've been preaching for a long time about the benefits of encrypting removable USB flash drives, since they are easily lost and it's a breeze to suck your data off of them.

So if you're encrypting your USB keys, you're smart. Very smart. If you attach your encryption key to the device, you're dumb. Very dumb.

Such was the case with prisoner health information from Preston Prison in Lancashire, UK. More than 6300 prisoner's data was on the USB stick.

Workers from NHS Central Lancashire involved in the incident have been suspended while the investigation takes place.

It is believed a member of NHS Central Lancashire staff had uploaded the information using the memory stick then returned to the administration office and lost the device somewhere on route.

There's that data-in-transit and human error thing again, as I pointed out in my posting yesterday on the rise of data breaches. How many of these incidents need to occur before people dummy up and start doing the right thing?

No comments:

Post a Comment

Please tell me what you think.