security blunders presentation uk 2014
DESCRIPTION
Learn about some of the simple errors people have made when handing their confidential data, this presentation was based on a Shredded Neat piece of research into blunders from the last 20 years, it is meant to be lighthearted!TRANSCRIPT
Data Security
What not to do!
UK Data Losses Shredded Neat Limited
Data - Why worry ?
• DPA introduced 1984• Administered by ICO• April 2010 new powers to
issue DP ‘Notices’ and pursue through courts
• 13,802 cases last year• 372k registered under DPA• 58 spot audits in 2013/13
UK Data Losses Shredded Neat Limited
What could it cost me?
• ICO levied £4.25 million in fines on 40 organisations
• Average fine £106k• FCA/FSA £7.77
million on just 7 organisations
• ICO Max fine £500k and FCA unlimited
UK Data Losses Shredded Neat Limited
Our Own Survey
• Looked at recorded prosecutions over 20 years, plus:
• Internet search of major data breaches
• Press and media researched
• Pulled together our own statistics and case studies
UK Data Losses Shredded Neat Limited
Data Media Losses
UK Data Losses Shredded Neat Limited
Secure Paper Losses
• Paper in use since 1495• Digitisation presents challenges
dealing with redundant archives• Cloud archiving has specific
problems in terms of security• Documents still carried to and
from work on various forms transport
• Unshredded documents often put in general waste
UK Data Losses Shredded Neat Limited
Benji the Bin Man
• Benjamin Pell made a living going through rubbish
• Professional Muckraker• Drove round London in Hi-Vis
emptying bins into his vehicle• Prominent firms and people
targeted, paid by newspapers• Police found 200,000
documents in his shed after his arrest!
UK Data Losses Shredded Neat Limited
Other data storage
UK Data Losses Shredded Neat Limited
Portable Data Media• Seagate devised 1st HDD in
1980, 5Mb, by 2013, latest PCs 4Tb
• Or from 5 novels to a library with 4m books
• Mem.sticks 1st used 1980s, can hold 128 Gb, convenient to carry – easy to lose!
• Mobiles 1990’s, 50% ‘smart’ 25,000 stolen in London per week
UK Data Losses Shredded Neat Limited
West African News!
• Old pcs/laptops began arriving in Ghana few years ago, Ghanaians welcomed donations to help bridge digital divide.
• E-waste dealers set up shop close to port, display 40ft containers they bought in UK– HDDs salvaged are displayed at open-air
markets. Organized criminals comb through HDDs for personal information to use in scams.
• Totally outside UK regulation & contribute to some of 217,000 ID fraud cases in the UK.
UK Data Losses Shredded Neat Limited
Where do losses occur?
• Paper losses from offsite storage, during office moves & blown out of doors & windows
• Theft of high value laptops/mobiles from houses, trains & cars
• 50% of all losses in transit occurred after being in the pub or a restaurant
UK Data Losses Shredded Neat Limited
Inverness Police
• In 2000, hundreds of documents found blowing across local tip
• Internal files on 126 cases incl. bike thefts, drug offences and serious sexual cases
• Defendants clearly identifiable• Major inquiry launched by Police• Member public sent bundles found
to the local newspapers• Police unable to say how these
bypassed their procedures
UK Data Losses Shredded Neat Limited
Data Loss Threats
Most Common Threats
• Single or compound threats
• Excl. misdirected comms.
• Intentional e.g. hacking or criminal or accidental, when an event occurs and data falls into other hands or public domain
Reputational Damage
• In 2011 Oliver Letwin papped on five separate days
• Dumped docs in waste bins in St. James Park
• 100 documents retrieved by the photographer
• Comprised briefing papers and constituency mail
• MP and Minister of State in Cabinet office – Nice one Ollie
Personal Liability
• Richard Jackson 2008• Left files on Train out of
waterloo• Contained Joint Intelligence
Committee report on Al Queda & MoD report on Iraq’s defence capabilities
• Commuter passed them to the BBC
• Richard (Dick) fined £2500 and severely reprimanded by Civil Service
Security what security?
• Former Home Secretary David Blunket 2002
• Documents found outside a Sheffield Pub
• Aerial Photo’s of his home and detailed alarm systems info & his usual daily routine in papers
• Ex-soldier found the papers and gave them to S. Yorkshire Police
Graham Clements whoops!
• UK MD of Ischida Corp. Japan.• Gives old Blackberry to his IT dept
to recycle• Attends his 1st Board Meet to find his
Blackberry No1 item in agenda• Data on it – Business Plans; bank
accounts; Corp info & his children• Damaging publicity just averted by
fact the phone was recovered by Glamorgan University who were researching mobile phone abuses
Protect yourself!
• Ensure DPA complaint processes• Resources needed often outside
scope smaller companies• Secure storage of paper on site• CRB check cleaners and FMCo• Ensure all data containing media
controlled• Encryption of data taken offsite• Certification to BS15713
contractors not badges!
UK Data Losses Shredded Neat Limited
Contact Details
• www.shreddedneat.co.uk
• Call free 0800 234 6660
• Shreddedneat@Shreddedneat • • facebook.com/Shreddedneat