Files Stored on Device "Were Encrypted"
October 2008, Cambridge, UK: The seemingly endless stream of news about the theft or loss of laptops, CDs, memory sticks and handheld computing devices continued last week with a report that a 'palmtop device' owned by an employee of MI5 has been stolen from a house in Manchester.
Previous losses and thefts of such devices, such as the 'mislaying' of a computer hard drive containing the personal details of 5000 justice staff by an employee of EDS, have resulted in embarrassing headlines and calls for hefty fines to be levied on offending organisations. They have also, in some cases, resulted in those responsible for the data breach being sacked.
According to Manchester police, in the case of the MI5 handheld computer "it would be impossible for anyone to access" the data on this device because "the files were encrypted. "Even so, according to a Home Office spokesperson, "no comment" could be made about "security matters".
"If it is need true that it is impossible for anyone to read the data on this stolen MI5 device", said Simon Brooks, Director of security specialists Metadigm, "Then we see it as really positive news.
"At last, we have an example of an organisation that has actually taken the steps necessary to safeguard sensitive data in the event of the loss or theft of the device it is stored on".
This incident comes on the heels of a recent statement from Justice Minister Michael Wills that he is giving the Information Commissioner powers to levy new penalties for "reckless or knowing misuse of data".
Simon Brooks continued: "There is no excuse for not safeguarding data stored on portable devices such as laptops, USB drives, CDs, DVDs and other forms of portable storage media. Encryption technology, especially for laptops is widely available, affordable, easily deployed and straightforward to manage.
"It's not a matter of 'special processes' to prevent data loss,
though of course these are important; in the first instance it's a matter
of making a policy decision to apply the right technology to mitigate
against a known risk. The fact that some organisations seem to be taking
their time in making these decisions is very frustrating for all of us.
"Implementing measures to prevent data loss is not just a matter of corporate
or organisational responsibility; it is a legal requirement, and it's
not rocket science to put in place."
About Metadigm Ltd
Metadigm is a specialist provider of network and end point security solutions. Since 1989 the company has installed or currently supports network security infrastructure in 54 countries, through its expert team of Security Engineers. Its client base spans 20 vertical market sectors, and it is now widely renowned as a trusted leader in the field of security and network solution design and implementation.
Metadigm partners with, and is accredited by some of the world's leading network and end point security technology vendors, whose products it complements with its own range of professional services including penetration testing, solution design, implementation, helpdesk services, management and 24 x 7 support.
Specialist areas supported
include Firewalls, Secure VPNs, Remote Access, WAN Acceleration, Laptop & Device
Encryption, and USB Device Control as well as Web Filtering, Anti Virus,
Anti Spam and Content Security. For more on Metadigm please visit www.metadigm.co.uk.
