Uncommon sense

Data protection comes with a sense of responsibility, says Sean Robson.

  • E-Mail
By  Sean Robson Published  September 9, 2008

It used to be that time was money. Today, it is fair to say, information is where the money is. Data is being created at a furious rate and large swathes of it are not only important to the enterprise, but often times are confidential and business critical.

However, that information does not always remain confidential. With growing regularity we see or hear of disks, USB drives and even laptops that are either stolen and possibly even more worryingly ‘mislaid’. You might have read reports just this week, on how service provider EDS has ‘lost’ a hard drive containing the personal details of over 5 000 employees of the National Offender Management Service in England and Wales, including prison staff. What’s more horrifying is that the loss happened in July of last year and the Justice Secretary was not informed about it until this week.

Now, while this is not quite an enterprise leak it does have some very real fallout. Should the information land up in the hands of less scrupulous fellows then the prison officers, and their families, could be in very real danger.

For enterprises the dangers associated with data loss, although rarely physical, are just as real and could prove financially crippling. The figures speak for themselves, with the average cost of a single data breach estimated at US$14 million, and 1 in 2 USB drives containing confidential information. It’s clear that the odds are stacked against any organisation that does not take the issue of data loss seriously.

One might think that there is a general lack of data loss in the Middle East because we hardly hear of them in the media. And one would be wrong. Though the region has had some high profile data losses, including the ones related to the National Bank of Abu Dhabi, Mashreq Bank and the Commercial Bank of Dubai, these are few and far in between, and do not reflect the true status of data leakage in the region. In fact, the silence surrounding the entire matter can be equated to that breathless moment in a horror movie before the villain leaps on to screen.

Many companies tend to remain quiet about any data loss or leakage in their organisations since this involves a huge loss of reputation and customer trust; enough to even endanger the prospect of future revenue in some cases. The lack of regulation, unlike the developed markets, means that firms are under no obligation to reveal data loss and so would have the public at large believe that there is no data loss.

One only has to consider how easy it is to lose or mislay data and we can understand that there is no way that regional enterprises can be enjoying a bit of calm in the global storm. Take mobile solutions. With the ever-increasing capacity of mobile and smartphones to hold and access large amounts of valuable information, the simple act of forgetting your phone in a coffee shop can mean massive damage to your business.

In a recent NME feature, one industry insider suggested that there may be up to 15 times more smartphones lost than notebooks. They are much more mobile and much more personal, and that combination can lead to the possibility of more data leakage.

Of course, there are plenty of solutions and products available in the market that promise to protect organisations against just such data losses. These range from encryption keys that will render the data useless should it be mislaid or stolen, to anti-phishing software designed to safeguard the files.

These are all valuable and important tools in the fight against information loss. However, they can be rendered impotent if users abdicate responsibility and fail to use common sense. When passwords are saved as word documents or stuck on with labels, or Bluetooth is left constantly activated then all the most sophisticated protection in the world becomes utterly pointless.

Technology can only take one so far. Users need to be much more rational and aware when using and interacting with mobile technology. Leaving a phone or laptop lying around, post-it notes stuck to their screens or not encrypting hard drives is simply silly and irresponsible behaviour, and there is no technology that can help counter the danger.

Data protection does not always come in a box. It comes rather with sound reason, and end-users would be wise to start showing some healthy doses of that.

Sean Robson is the assistant editor of Network Middle East.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code