Well, the royal family’s security could be compromised, for one. If you missed it, Heathrow Airport, one of the busiest airports and Britain’s largest, is scrambling to understand how a memory stick (aka thumb drive) with extremely sensitive information ended up on a busy west London street. The documents on the unencrypted drive detailed airport security measures and plans, including the routes typically used for Her Majesty’s route to and from the airport.
The documents were all marked “confidential” or “restricted.” Yet the thumb drive had no encryption and was just lying on the street, available for anyone to use. The scariest part? This could happen to anyone, to any business, at any time.
How do you prevent this type of blatant risk to sensitive information? Ask yourself the following about your security and privacy policies and procedures:
- What have we done – or can we do – to assure our sensitive data’s security isn’t compromised like this?
- How well does our own senior leadership follow the same strict security measures as line staff?
- Do we allow sensitive data to be stored, or even temporarily used for transport, on unencrypted drives?
- Who is allowed to access sensitive data and in what way can they interact with it? Should they even be able to?
Frightening as the event is, it’s also far too unsurprising. Before you decide that portable media is fine for transporting or storage of your sensitive data, think twice, then think again. Convenience should not override the need for data protection.
By Chris Apgar, CISSP