Data being leeched from company databases by less secure mobile devices is a common occurrence, making data leakage the big technology issue of 2008. With the increasing use of mobile phones, PDAs and laptops as work tools, important company data is removed from the office every day.
This increase in data sharing promotes an environment suitable for data leakage and is aggravated by the associated use of hot-desking, home working and wireless hotspots. It is further complicated by the shuttling of data back and forth between staff on USB sticks, CDs, DVDs, backup tapes and even iPods. As a consequence, security breaches are on the increase.
Whether it is HM Revenue & Customs losing 25 million records on CDs, the Ministry of Defence losing details of 600,000 servicemen and women in a lap-top theft, or the recovery (from beside a bicycle shed) of a USB drive containing the personal details of Perth & Kinross Council workers, cases of data loss appear with uncomfortable regularity.
The Payment Card Industry Data Sec-urity Standard (PCI DSS) that is currently being implemented, as well as the forth-coming governance regulations in the Companies Act, will force UK businesses to focus on the problem of data leakage.
Unlike many other parts of the world, in the UK there is no requirement to disclose data breaches. The Identity Theft Resource Center (ITRC) reports that data breaches doubled to 167 in the US during the first quarter of this year, compared with the equivalent a year ago.
That figure is probably similar in the UK, even without the ITRC figures accounting for the encrypted files that may have been compromised. However, there remains no real breakdown of the number of breaches that are directly related to mobile data.
In all fairness, and in terms of numbers, the incidence of data breaches as a result of mobile device theft is perhaps not as high as scaremongers would have us believe, simply because it is not as anony-mous as covert internet hacking. If someone wants to steal data, doing so by taking a laptop means they run the risk of discovery, perhaps being seen by someone, or monitored on a security camera. But it does happen, and the theft of one laptop can do more to expose a company’s data than any concerted hacking or social engineering exploit.