Your Risk Management Magazine
Risky business: April 08

IT security tip: don't use snail mail

It seems the best way to get access to confidential data is to visit government auctions or get a job as a postie, preferably for the Royal Mail. Another institution has joined the proverbial leaky sieve club as hundreds of thousands of personal records now seem to be going missing on a weekly basis.

The latest big one is – once again – in the UK. Not a government department this time but a bank: HSBC admitted it had managed to mislay more than 370,000 records containing the names, dates of birth and insurance cover levels of people with life assurance at the bank, and whether they smoke, Times Online reported.

The records went missing not because somebody hacked into the network, but because the bank sent a disc via unregistered post, the method used by a certain department of social security when it lost 25 million personal records.

Times Online reported that HSBC’s records would normally be sent via encrypted electronic transfer, but due to a system outage had to be sent via snail mail.

“This is a unique situation, in that we would not normally send info like this. We normally encrypt the information and send it via electronic transfer, but on the day the system wasn’t working. It was not our finest hour.”

Millions of pounds in fines have been doled out over the past year by the Financial Services Authority in the UK. Australia doesn’t even require companies to tell their customers their data has been compromised, which is a good thing for some government agencies.

Western Australia’s Auditor-General discovered that it could recover sensitive data from two-fifths of the computers it bought at a government auction.

“Four out of 10 examined ex-government computers we purchased at auction contained recoverable data. From these computers we were able to recover confidential and sensitive data, including information about public sector employees, detailed technical information about agencies’ IT systems and documentation of their internal software development projects,” the report stated.

“None of the seven sampled agencies had comprehensive policies or procedures for secure removal of data from computer equipment prior to disposal. While all agencies did have a process in place, it was either inadequate or was not applied consistently.”

The auditor also said government guidance on appropriate methods of removing data from computers prior to disposal is limited.

Let’s just hope we don’t get to the point where incidents like the above are so common that they aren’t news any more.

“I sat the kids down and told them that gambling with every dime I can squeeze out of anything is not ‘gambling’ anymore; it is ‘risk management’, and it is now obvious that I am a modern kind of guy seeking to ‘maximise risk-adjusted rates of return’!”

– The Mogambo Guru, in The Daily Reckoner

“The turmoil in global markets is still playing out; the US economy, if it is not in recession, then it is certainly in something that looks like it.”

“The credit cycle has turned, we are now going to see a return to a more normalised provision of credit.”

– Mike Smith, CEO of ANZ Bank

“I always viewed Australia as low risk [for money laundering], but then someone said what about the bikie gangs? How do you know that someone is a criminal? Then if you look at that on a global scale, it is very difficult to assess.”

– David Eardley, head of operational risk and compliance at Allco Finance Group speaking at an Informa conference on fraud


© 2012 Key Media Pty Ltd.