Security Blunders Presentation UK 2014

Data Security What not to do! UK Data Losses Shredded Neat Limited

description

Learn about some of the simple errors people have made when handling their confidential data. This presentation was based on a Shredded Neat piece of research into blunders from the last 20 years; it is meant to be lighthearted!

Transcript of Security Blunders Presentation UK 2014

Page 1: Security Blunders Presentation UK 2014

Data Security

What not to do!

UK Data Losses Shredded Neat Limited

Page 2: Security Blunders Presentation UK 2014

Data - Why worry ?

• DPA introduced 1984

• Administered by ICO

• April 2010 new powers to issue DP ‘Notices’ and pursue through courts

• 13,802 cases last year

• 372k registered under DPA

• 58 spot audits in 2013/13

Page 3: Security Blunders Presentation UK 2014

What could it cost me?

• ICO levied £4.25 million in fines on 40 organisations

• Average fine £106k

• FCA/FSA £7.77 million on just 7 organisations

• ICO Max fine £500k and FCA unlimited

Page 4: Security Blunders Presentation UK 2014

Our Own Survey

• Looked at recorded prosecutions over 20 years, plus:

• Internet search of major data breaches

• Press and media researched

• Pulled together our own statistics and case studies

Page 5: Security Blunders Presentation UK 2014

Data Media Losses

Page 6: Security Blunders Presentation UK 2014

Secure Paper Losses

• Paper in use since 1495

• Digitisation presents challenges dealing with redundant archives

• Cloud archiving has specific problems in terms of security

• Documents still carried to and from work on various forms of transport

• Unshredded documents often put in general waste

Page 7: Security Blunders Presentation UK 2014

Benji the Bin Man

• Benjamin Pell made a living going through rubbish

• Professional muckraker

• Drove round London in hi-vis emptying bins into his vehicle

• Prominent firms and people targeted, paid by newspapers

• Police found 200,000 documents in his shed after his arrest!

Page 8: Security Blunders Presentation UK 2014

Other data storage

Page 9: Security Blunders Presentation UK 2014

Portable Data Media

• Seagate devised 1st HDD in 1980, 5Mb; by 2013, latest PCs 4Tb

• Or from 5 novels to a library with 4m books

• Mem.sticks 1st used 1980s, can hold 128 Gb, convenient to carry – easy to lose!

• Mobiles 1990’s, 50% ‘smart’ 25,000 stolen in London per week

Page 10: Security Blunders Presentation UK 2014

West African News!

• Old PCs/laptops began arriving in Ghana a few years ago; Ghanaians welcomed donations to help bridge the digital divide.

• E-waste dealers set up shop close to the port and display 40ft containers they bought in the UK. HDDs salvaged are displayed at open-air markets. Organized criminals comb through HDDs for personal information to use in scams.

• Totally outside UK regulation & contribute to some of 217,000 ID fraud cases in the UK.

Page 11: Security Blunders Presentation UK 2014

Where do losses occur?

• Paper losses from offsite storage, during office moves & blown out of doors & windows

• Theft of high value laptops/mobiles from houses, trains & cars

• 50% of all losses in transit occurred after being in the pub or a restaurant

Page 12: Security Blunders Presentation UK 2014

Inverness Police

• In 2000, hundreds of documents found blowing across local tip

• Internal files on 126 cases incl. bike thefts, drug offences and serious sexual cases

• Defendants clearly identifiable

• Major inquiry launched by Police

• Member of the public sent bundles found to the local newspapers

• Police unable to say how these bypassed their procedures

Page 13: Security Blunders Presentation UK 2014

Data Loss Threats

Page 14: Security Blunders Presentation UK 2014

Most Common Threats

• Single or compound threats

• Excl. misdirected comms.

• Intentional (e.g. hacking or criminal) or accidental, when an event occurs and data falls into other hands or the public domain

Page 15: Security Blunders Presentation UK 2014

Reputational Damage

• In 2011 Oliver Letwin papped on five separate days

• Dumped docs in waste bins in St James's Park

• 100 documents retrieved by the photographer

• Comprised briefing papers and constituency mail

• MP and Minister of State in Cabinet Office – Nice one Ollie

Page 16: Security Blunders Presentation UK 2014

Personal Liability

• Richard Jackson 2008

• Left files on train out of Waterloo

• Contained Joint Intelligence Committee report on Al Qaeda & MoD report on Iraq’s defence capabilities

• Commuter passed them to the BBC

• Richard (Dick) fined £2500 and severely reprimanded by Civil Service

Page 17: Security Blunders Presentation UK 2014

Security what security?

• Former Home Secretary David Blunkett 2002

• Documents found outside a Sheffield Pub

• Aerial photos of his home, detailed alarm system info & his usual daily routine in papers

• Ex-soldier found the papers and gave them to S. Yorkshire Police

Page 18: Security Blunders Presentation UK 2014

Graham Clements whoops!

• UK MD of Ischida Corp. Japan.

• Gives old Blackberry to his IT dept to recycle

• Attends his 1st Board Meet to find his Blackberry No1 item in agenda

• Data on it – Business Plans; bank accounts; Corp info & his children

• Damaging publicity just averted by fact the phone was recovered by Glamorgan University who were researching mobile phone abuses

Page 19: Security Blunders Presentation UK 2014

Protect yourself!

• Ensure DPA compliant processes

• Resources needed often outside scope of smaller companies

• Secure storage of paper on site

• CRB check cleaners and FMCo

• Ensure all data containing media controlled

• Encryption of data taken offsite

• Certification to BS15713 contractors not badges!

Page 20: Security Blunders Presentation UK 2014

UK Data Losses Shredded Neat Limited

Contact Details

• www.shreddedneat.co.uk

• Call free 0800 234 6660

• Shreddedneat@Shreddedneat

• facebook.com/Shreddedneat
