January 13, 2017
Take 60,000 confidential customer records and lock them in a secure room.
You’ve stored the files on an external hard drive, but it’s offline so there’s no immediate threat from hackers.
Next thing you know, the records are gone. Vanished without a trace.
Sounds like a magic trick or the plot of the latest crime thriller, right?
But today – more than a year after those thousands of customer files disappeared – executives at one global financial services company are still figuring out how it could have happened.
They’re now facing a $180,000 fine from the data protection regulator for lax data security.
And in addition to a public apology, they’re having to offer affected customers two years’ fraud monitoring in case the missing records are used for criminal gain in the future. There are lessons for businesses large and small in the story of RSA Insurance.
Only 40 employees and contractors had security keycard access to the room where the files were kept. But none of them knows what happened.
Was the door left open – allowing someone else to walk in and walk off with the hard drive?
Could this have been a case of “tailgating” – someone with security clearance holding the door open for someone behind them: an error of common courtesy?
What the case illustrates once again is that insider error and insider action, not outside attackers, are a primary threat to confidential data. You’ll see the same pattern in the official statistics about data loss in another sector: healthcare.
Unauthorized access to or disclosure of data by employees and business associates was the leading cause of breaches last year, accounting for the exposure of 15.2m patient records.
The answer is to tightly control and monitor insider access to your company’s most sensitive records, and to do it with controls that enforce the policy rather than relying on staff to remember it. A data loss prevention system does two things the RSA case shows were missing: it blocks the risky action, and it records who tried it, so that nobody is left saying “none of us knows what happened.”
Lock down files that should not be copied, emailed, printed or saved to an external drive, and make sure every attempt is logged.
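To make the “lock down files” advice concrete, here is an added example (not code from the original post, and not any vendor’s product) of the two checks a DLP policy engine performs before a file write is allowed: classify the content by looking for customer identifiers, then deny the write if the file is confidential and the destination is an uncontrolled channel. The identifier patterns (UK National Insurance numbers and Luhn-valid card numbers), the list of “removable” mount prefixes, and the sample records are all constructed assumptions for the example.

```python
"""Toy data-loss-prevention policy check (added example, not from the post).

classify() inspects content for customer identifiers; evaluate_transfer()
decides whether that content may go to a given destination and returns an
audit event either way, so that every attempt leaves a trace.
"""
import json
import re
from datetime import datetime, timezone

# Assumed channel definitions for this example. A real DLP agent derives these
# from the mount type, the mail route, or the print spooler, not from prefixes.
REMOVABLE_MOUNTS = ("/media/", "/mnt/usb", "/run/media/")
MAIL_SPOOL = "smtp://"
PRINT_SPOOL = "ipp://"

# UK National Insurance number: two letters, six digits, suffix A-D.
NI_NUMBER = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")
# 13-16 digits with optional space or hyphen spacers; Luhn-checked below so
# that arbitrary digit runs (phone numbers, policy IDs) are not flagged.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_sensitive(text: str) -> dict:
    """Count customer identifiers found in the text."""
    cards = [m.group() for m in CARD_CANDIDATE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group()))]
    return {"ni_numbers": len(NI_NUMBER.findall(text)),
            "card_numbers": len(cards)}


def classify(text: str, threshold: int = 1) -> str:
    """Label content 'confidential' once it holds `threshold` identifiers."""
    counts = count_sensitive(text)
    return "confidential" if sum(counts.values()) >= threshold else "internal"


def channel(destination: str) -> str:
    """Map a destination to the channel the policy reasons about."""
    if destination.startswith(REMOVABLE_MOUNTS):
        return "removable"
    if destination.startswith(MAIL_SPOOL):
        return "email"
    if destination.startswith(PRINT_SPOOL):
        return "print"
    return "managed"        # internal, access-controlled storage


def evaluate_transfer(text: str, destination: str, actor: str = "unknown") -> dict:
    """Apply the policy and return an audit event describing the decision."""
    label = classify(text)
    chan = channel(destination)
    deny = label == "confidential" and chan != "managed"
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "destination": destination,
        "channel": chan,
        "label": label,
        "decision": "deny" if deny else "allow",
        "reason": (f"{label} content to {chan} channel" if deny
                   else "policy permits transfer"),
    }


# Constructed sample export: two fictional customer rows with test card numbers.
SAMPLE_RECORDS = """\
policy_no,name,ni_number,card
P-1001,Jane Doe,AB123456C,4111 1111 1111 1111
P-1002,John Roe,CD654321A,5500 0000 0000 0004
"""

if __name__ == "__main__":
    for dest in ("/media/usb0/customers.csv",
                 "smtp://mail.example.com/outbound",
                 "/srv/claims-vault/customers.csv"):
        print(json.dumps(evaluate_transfer(SAMPLE_RECORDS, dest, actor="jdoe")))
    print(json.dumps(evaluate_transfer("Agenda for Monday", "/media/usb0/agenda.txt")))
```

Two points of design are worth noting. The Luhn check is what keeps the classifier from flagging every long number in a spreadsheet; without it a DLP rule becomes noise that staff learn to work around. And the function returns an audit event for allowed transfers too: a control that only records denials cannot tell you afterwards which of forty keyholders copied a file. A policy like this does nothing once the physical drive itself leaves the room, so it belongs alongside encryption of the drive’s contents at rest and logging of who handled the device.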
It’s not just a question of fines and apologies – it’s your firm’s market reputation at stake.