Policies are not enough

Wigan council has lost personal information of 43,000 children and young people attending Wigan’s schools. The data was stored without encryption on a laptop which was stolen. It is reported that the person who downloaded the data to the laptop was breaching council policy.

I am not surprised that this has happened once again, and it just shows that policies alone are simply not enough to keep data secure.

Policies need to be communicated with user awareness training and all users should understand why it is important and how to achieve the standards the policy sets. Security needs to become part of normal working practice with users thinking about security more often it will soon become just another thing you do automatically like locking your car when you leave it.

Software providing full disk encryption can be virtually invisible to the end user and ensures the data on the device is unreadable. This software can be obtained for free, so even the smallest businesses can secure data on their laptops and data storage devices.

More information on the data loss by Wigan Council here at ZDNet UK.

Free open-source encryption software (TrueCrypt) can be found here.

comments powered by Disqus