As we hear of yet another data security breach

  Forum Editor 08:48 02 Nov 2008

by an agency working for the government

click here

there's an illustration of the real problem in a nutshell; a spokesperson for the company responsible for the loss (in a pub car-park)of a USB stick containing usernames and passwords to a key government computer system said:

"It is clear that the employee removed the device from company premises in direct breach of our own operating procedure"

So there you have it - the one flaw in the system, the one thing that can negate all other security measures in a second; an employee decides, for whatever reason, to break the rules. It highlights the absolute urgency with which government Ministers should be addressing the way in which our confidential information is safeguarded, the need to devise a system whereby it's impossible for any employee to leave a building with sensitive information stored on a memory stick, a CD, a portable hard drive, or a laptop, unless at least one other senior person has given authority.

It can be done, all it needs is the will, and the resources necessary to implement the revised security policy. It won't be 100% effective - such a system doesn't exist, but it will go a very long way towards making ludicrous breaches of security like this one a thing of the past.

I'm available for consultation at a moment's notice.

  €dstowe 08:57 02 Nov 2008

It doesn't only happen with high tec stuff click here

It seems there is an overall laxity in security measures throughout, whether that be good old fashioned paper in a briefcase or more modern means of carrying confidential information.

  Forum Editor 09:28 02 Nov 2008

is that it highlights the ease with which someone can,in a moment, compromise the security of extremely sensitive information. In this case the tax and benefit records of 12 million people are not at risk of intrusion according to a government spokesperson because the access details are to an 'old version of the system'.

Whether or not the old version of the system contained the information I wouldn't know, but it's not really the point. The point is that there's a glaring security risk attached to people being able to wander around with USB memory sticks full of confidential data in their pockets.

  Coffee Adict 10:08 02 Nov 2008

The question that springs to my mind, had the person concerned not lost the stick, what exactly did they intend to do with it?

Was it just case of petty pilfering, or are there more sinister undertones.

  WhiteTruckMan 10:47 02 Nov 2008

or a knee jerk reaction to call for instant dismissal of the perpetrator of this (and other) incidents. At best this is gross misconduct/negligence, at worst criminal charges should be considered.

When you think about the number of times this sort of thing has been brought to our attention (let alone how many times it must have happened without anyone finding out) then the whole industry needs a serious wake up call.

I for one am heartily sick and tired of being forced to divulge personal data to obtain goods and services only to find this sort of thing happening far too often. Perhaps a rash of jail terms handed out might give people pause to consider their the consequences of their actions.


  lofty29 11:59 02 Nov 2008

And next time someone asks why the government should have details for ID cards, NHS computerised records, etc, we will assured that all the required information will be totally secure. All these people who hold our information have not the slightest idea of other peoples security, I am sure that they are very careful with their own though. Bet that guy slipped the stick into his pocket in the course of his work, forgot about it, and pulled it out when he was reaching for his car keys, surely it is possible to security tag this sort of stuff, or how about welding a six foot pole to it, they might notice that if someone tried to go past the security desk with it,

  Jim Thing 12:30 02 Nov 2008

"...or how about welding a six foot pole to it..."

I've had experience of a similar system which was 100% effective. A ship I served on had had to deal with several cases of people going ashore with their department's keys in their pocket. The First Lieutenant solved the problem by ordering that each bunch of ship's keys had to have a 1/8" brass tally plate the size of a postcard.

  wiz-king 12:51 02 Nov 2008

I would have thought that a password list would have been available on screen to those who needed it for their jobs but should not have been downloadable to a memory stick.

  laurie53 19:13 02 Nov 2008

For four years I spent every working day with a key attached to a tally the size of a tea plate round my neck, and I had to hand it over whenever I left the office.

Then one day the boss found me in a cafe, two miles away, still with the key!

I've said it before and I'll say it again - you can't legislate against stupidity!

  Monoux 19:22 02 Nov 2008

I see on teletext that a government minister left his Red box on a train, bet he isn't sacked or even disciplined

  €dstowe 21:19 02 Nov 2008

See my response timed at 8-57 (above).

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

Halloween Photoshop & Illustrator tutorials: 20 step-by-step guides to creating spook-tacular…

iPhone X news: Release date, price, new features & specs

Comment créer, modifier et réinitialiser un compte Apple ?