Monday, November 24, 2008

The Reality of Data Breaches

In 2008 alone, over 270 data breaches were recorded by the Privacy Rights Clearinghouse. These breaches spanned a wide variety of organizations: universities, banks, government agencies, department stores, etc. No industry has been spared, as new breaches continue to occur on a daily basis. Data breaches have become so widespread that many states have passed legislation addressing the confidentiality of personal information. There are many different causes of these security violations. Data breaches occur due to theft of laptops, USB drives, backup tapes, and other media used to store data away from an organization’s servers. They can occur due to inadequate disposal of items containing sensitive data (e.g., files recycled as scrap paper). Employees give away their user IDs and passwords to hackers masquerading as support techs. Misuse of data by employees, ranging from inappropriate access to actual corporate espionage, has also contributed to data losses.

In general, data breaches are primarily attributed to human error rather than to technology. An organization’s policies and procedures should clearly inform employees about the proper handling of data. Providing instruction and training to employees on best practices is also necessary. An effective auditing and monitoring program and consistent enforcement of that program are also required components of an effective security approach. Technology solutions can help, but cannot replace, a comprehensive program to protect an organization’s information assets.

