Am I the only one that has noticed the huge influx of data security issues in the news lately? It seems every other day a high profile company has lost some sort of personal information on clientele or employees.
An example:
Thousands of Pittsburgh area veterans may be at risk of identity theft after a desktop computer containing their personal data was reported missing from the office of a Veterans Affairs Department subcontractor.
VA Secretary James Nicholson said the computer may have contained information for as many as 38,000 veterans treated at VA medical centers in Pittsburgh and Philadelphia during the past four years.
The data on the computer were patients’ names, addresses, Social Security numbers, dates of birth, insurance carriers and billing information, dates of military service, and claims reports that may include medical information.
Now why was all of this very sensitive information sitting around on a subcontractor’s desktop computer in the first place? Why did they need to keep records of 38,000 individuals warehoused at an insecure location, on an insecure workstation?
I have to think this just comes down to a poorly designed IT department that has little to no security policy concerning sensitive data. Most end users will attempt to keep copies locally because the server is either slow or unreliable at keeping data, but that still ends up as an issue with IT.
Just a few simple measures, some new policies, and education and a vast majority of these losses would disappear. I guess this is just job security for security consultants 
0 Responses to “Data security woes?”