News & Reviews


Keep up to date with Origin Storage

Tagged: Data Breach RSS

  • Origin Storage 09:27 on 22/08/2012 Permalink | Reply
    Tags: Data Breach, , ,   

    Data breach in Essex exposes details of 400 people 

    Essex County Council is investigating a serious data security breach, which could leave hundreds of people at risk of identity theft.

    A council worker at Essex County Council is believed to have sent personal and financial data of 400 people in care to an unauthorised recipient, according to a report by local news website This Is Total Essex.

    The data allegedly contained addresses and financial information about citizens in “substantial” and “critical” need of care, were sent from the Adults Health and Community Wellbeing Department to an external computer outside of the council.

    Following the breach, a council staff member was sacked and the incident reported to Essex Police and the Government’s Information Commissioner. The council’s own all-party scrutiny committee will now investigate the breach.

    According to the report, the data included details of personal budgets, used by people with disabilities to arrange essential services such as home care.

    In a statement, Essex County Council said that it did not believe there was any malicious intent behind the incorrect use of data and the risk of identity theft was “minimal”.

    “While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy,” it said. “We are taking this extremely seriously and have informed the police and the Information Commissioners Office,” the statement read.

    “Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised.”

    Councillor Mike Mackrory, Liberal Democrat opposition leader at the council, told This Is Total Essex: “With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened.

    “I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter,” he said.

    In the past year, fines issued by the ICO for data breaches have increased four-fold, totalling £1.8 million.

     

  • Origin Storage 15:55 on 07/08/2012 Permalink | Reply
    Tags: breach, Data Breach, ,   

    Sensitive details of NHS staff published by Trust in Devon 

    News release: 6 August 2012

    A health trust in Torquay has been served with a £175,000 penalty after the sensitive details of over 1,000 employees were accidentally published on the Trust’s website, the Information Commissioner’s Office (ICO) announced today.

    Staff at Torbay Care Trust published the information in a spreadsheet on their website in April 2011 and only spotted the mistake when it was reported by a member of the public 19 weeks later. The data covered the equality and diversity responses of 1,373 staff and included individuals’ names, dates of birth and National Insurance numbers, along with sensitive information about the person’s religion and sexuality.

    The ICO’s investigation found that the Trust had no guidance for staff on what information shouldn’t be published online and had inadequate checks in place to identify potential problems.

    Stephen Eckersley, Head of Enforcement, said:

    “We regular speak with organisations across the health service to remind them of the need to look after people’s data. The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable. Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud.

    “While organisations can publish equality and diversity information about staff in an aggregated form, there is no justification for unnecessarily releasing their personal information. We are pleased that the Trust are now taking action to keep their employees’ details secure.”

    The Trust has now introduced a new web management policy to make sure personal data is not mistakenly published on their website in the future.

     

     

  • Origin Storage 11:27 on 06/08/2012 Permalink | Reply
    Tags: Data Breach, ,   

    Data breach costs LinkedIn up to $1 million 

    Due to one of the year’s largest reported data breaches, business networking site LinkedIn has announced that it already has taken up to a $1 million hit.

    During its second-quarter earnings call on Thursday, LinkedIn CFO Steve Sordello said the costs involved with recuperating from the incident so far range from $500,000 to $1 million, which is going toward forensic work and “other elements” relating to the breach.

    According to the call, the 175-million-member company continues to strengthen its website’s security to protect members and is expected to add $2 million to $3 million in costs in the current quarter toward those efforts.

    “Since [the breach], we have redoubled our efforts to ensure the safety of our member account on LinkedIn by further improving password-strengthening measures and enhancing the security of our infrastructure and data,” Jeff Weiner, CEO of LinkedIn, said during the call. “The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident.”

    Earlier this year, attackers dumped 6,458,020 encrypted LinkedIn passwords on a Russian forum seeking assistance in decoding them.

    The stolen passwords were camouflaged using an outdated cryptographic hash function, SHA-1, created by the National Security Agency. In addition to this weakness, LinkedIn failed to add additional security layers, such as salting the passwords, a technique which randomly appends a string of characters.

     

  • Origin Storage 17:05 on 29/06/2012 Permalink | Reply
    Tags: , Data Breach, , ,   

    Lawyers state data in cloud a business risk 

    European companies using the cloud are potentially contravening data protection laws in the UK and Europe.

    An investigation by Future Intelligence into the legal position of data stored in the cloud has found that many companies are running the risk of prosecution.

    Legal experts contacted by Fi, say in its current form that the cloud technology system worth £14.4 Bn globally to the technology companies promoting it, puts companies trusting personal data in breach of data protection legislation.

    “As it stands the cloud doesn’t comply with data protection,“ said Susan Hall, partner in the Technology, Trade and Media unit at the Manchester-based national legal practice Cobbetts.

    “People go into the cloud for economies of scale and the very factors that lead to those economies of scale are the exact same factors that are likely to lead to the information that they store via the cloud being less well protected and less compliant with the data protection regime.”

    Hall is not alone, every legal expert contacted by Fi confirmed that any company trusting its data to the cloud has virtually no protection against potential prosecution because cloud providers can neither guarantee that their cloud technology complies with existing EU data protection regulations nor will offer contracts indemnifying their clients in the event of any data loss.

    A spokesman for the UK Information Commissioner’s Office confirmed that there were issues with the cloud.

    “The legal experts are quite right. If you have an agreement with a cloud service provider it doesn’t absolve a company of its responsibilities under the Data Protection Act, which requires them to have adequate measures in place to protect the data that they control,” said the spokesman, adding that the European Council’s Article 29 Working Party on data protection is due to report on the issue later this month,

    The main reason for this is because the cloud works by allowing companies to house their data on computers that are continually moving the location of that data which can put those companies in breach of data protection legislation and leave them open to fines of up £500,000 that could rise to 2% of global turnover if new penalties being proposed by the EU are adopted.

    The risks posed by this have been stressed in the US by the American National Institute of Science and Technology which became so concerned about the issue that it wrote a paper trying to provide clarification and warned : “Clouds have the potential to aggregate an unprecedented quantity and variety of customer data in cloud data centres. This potential vulnerability requires a high degree of confidence and transparency that cloud providers can keep customer data isolated and protected.”

    A detail confirmed by Professor Fred Cate, a highly respected data protection and legal expert, who advises the US Department of Homeland Security and the Defense Advanced Research Projects Agency.

    According to Cate guaranteeing that copies of data are not left behind in the cloud is incredibly difficult because of the nature of internet technology.

    While according to Kathryn Wynn, a data protection expert for the international law firm Pinsent Masons, the current situation means that companies using the cloud face the prospect of being legally liable for data that they have little effective control over.

    “The problem is that the Data Protection Act does not really command any mechanism to allow organisations to ensure that its cloud arrangements are compliant. At the moment they can end up in a situation where they are technologically compliant but what matters is how secure its data is and they cannot guarantee that.”

    The issue for companies wanting to use the cloud is that under the terms of the Data Protection legislation that they are liable for the data that they have collected and have a duty of care to make sure that they know what is done with it, including being sure that they know it has been destroyed.

    A level of detail that cloud computing is hard pushed to be able to deliver as it is only able to offer cheap computing by allowing companies to share computer resources and the technology actually moves data around within computer centres and between computer centres in different parts of the world.

    This is an extract from an article published by Future Intellegence
    to read full article click here

     “Origin Storage has always believed that Cloud will play a huge role within computing as a whole, but from a stand point of  where your sensitive data should be kept, we believe it should always stay under your protection.

    This why Origin Storage has always handpicked specific products that keep the customer 100% in control, and have complete transparency in managing all encrypted devices, whether being SED’s (Self-Encrypted Drives), Encrypted Drive SSD or DataLocker for encryption on the move.

    With customer control and transparency in mind , Origin Storage has recently signed a distribution agreement with Wave Systems Corp to distribute their Encryption management software, utilising the TPM Chip (Trusted Platform Module), which is already installed on over half a billion systems worldwide, the software which includes Bitlocker management, EMBASSY Remote Administration software, as well as Safend Data Protection Suite for all your end points.

    For full details of Wave Systems software please click Here

     

  • Origin Storage 17:29 on 27/06/2012 Permalink | Reply
    Tags: Data Breach, ,   

    FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers’ Personal Information 

     

    The Federal Trade Commission filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures that led to three data breaches at Wyndham hotels in less than two years. The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.

    The case against Wyndham is part of the FTC’s ongoing efforts to make sure that companies live up to the promises they make about privacy and data security.

    In its complaint, the FTC alleges that Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information, and that its failure to safeguard personal information caused substantial consumer injury. The agency charged that the security practices were unfair and deceptive and violated the FTC Act.

    Wyndham and its subsidiaries license the Wyndham name to approximately 90 independently-owned hotels, under franchise and management agreements.

    Since 2008 Wyndham has claimed, on its Wyndham Hotels and Resorts subsidiary’s website that, “We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about guests, callers to our central reservation
    centers, visitors to our Web sites, and members participating in our Loyalty Program …”

    According to the FTC’s complaint, the repeated security failures exposed consumers’ personal data to unauthorized access. Wyndham and its subsidiaries failed to take security measures such as complex user IDs and passwords, firewalls and network segmentation between the hotels and the corporate network, the agency alleged. In addition, the defendants allowed improper software configurations which resulted in the storage of sensitive payment card information in clear readable text.

    Each Wyndham-branded hotel has its own property management computer system that handles payment card transactions and stores information on such things as payment card account numbers, expiration dates, and security codes. According to the FTC, in the first breach in April 2008, intruders gained access to a Phoenix, Arizona Wyndham-branded hotel’s local computer network that was connected to the Internet and the corporate network of Wyndham Hotels and Resorts.

    Because of Wyndham’s inadequate security procedures, the breach gave the intruders access to the corporate network of Wyndham’s Hotels and Resorts subsidiary, and the property management system servers of 41Wyndham-branded hotels. This access enabled the intruders to:

    • install “memory-scraping” malware on numerous Wyndham-branded hotels’ property management system servers.
    • access files on Wyndham-branded hotels’ property management system servers that contained payment card account information for large numbers of consumers, which was improperly stored in clear readable text.

    Ultimately, the breach led to the compromise of more than 500,000 payment card accounts, and the export hundreds of thousands of consumers’ payment card account numbers to a domain registered in Russia.

    Even after faulty security led to one breach, the FTC charged, Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures. As a result, Wyndham’s security was breached two more times in less than two years.

    • In March 2009, intruders again gained unauthorized access to Wyndham Hotels and Resorts’ network, using similar techniques as in the first breach. In addition to using memory-scraping malware, they reconfigured software at the Wyndham-branded hotels to obtain clear text files containing the payment card account numbers of guests. In this second incident, the intruders were able to access information at 39 Wyndham-branded hotels for more than 50,000 consumer payment card accounts and use that information to make fraudulent charges using consumers’ accounts.
    • Later in 2009, intruders again installed memory-scraping malware and thereby compromised Wyndham Hotels and Resorts’ network and the property management system servers of 28 Wyndham-branded hotels. As a result of this third incident, the intruders were able to access information for approximately 69,000 consumer payment card accounts and again make fraudulent purchases on those accounts.

    The defendants in the case are: Wyndham Worldwide Corporation; its subsidiary, Wyndham Hotel Group, LLC, which franchises and manages approximately 7,000 hotels; and two subsidiaries of Wyndham Hotel Group – Wyndham Hotels and Resorts, LLC and Wyndham Hotel Management, Inc.

    The Commission vote to authorize staff to file the complaint was 5-0, with Commissioner J. Thomas Rosch concurring in the filing of the complaint, but dissenting from including Count II. The complaint was filed in the U.S. District Court for the District of Arizona.

    NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendants have actually violated the law.

     

  • Origin Storage 09:39 on 07/06/2012 Permalink | Reply
    Tags: Data Breach,   

    LinkedIn, eHarmony suffer data breaches 

    (Reuters) – Social networking site LinkedIn and online dating service eHarmony warned that some user passwords had been breached after security experts discovered scrambled files with passwords for millions of online accounts.

    The two companies declined to say how many accounts had been breached when they disclosed the breaches in statements issued on Wednesday.

    They only said they were conducting investigations.

    The breaches are the latest in a string of high-profile attacks around the world that have put personal information of millions at risk. The release of information stolen from the intelligence analysis firm Stratfor in December included data belonging to former U.S. Vice President Dan Quayle and former Secretary of State Henry Kissinger.

    Mary Landesman, senior researcher with messaging security firm Cloudmark, said that a hacker who has access to somebody’s LinkedIn credentials along with their eHarmony account might be in a good position to commit extortion.

    “When somebody has the keys to your business and personal kingdom, that gives them all sorts of powerful information,” she said. “They might be able to use it for years.”

    The technology news site Ars Technica reported on Wednesday that a total of 8 million encrypted passwords were published on underground forums by a hacker known as ‘dwdm’, who was seeking help unscrambling them.

    It was not clear whether all 8 million of the passwords belonged to users of LinkedIn and eHarmony, or if the hacker had stolen an even larger number of credentials and just posted some of them on the site.

    LinkedIn, which made its stock debut last year, is a social media company that caters to companies seeking employees and people scouting for jobs. It has more than 161 million members worldwide. One of the Mountain View, California-based company’s main initiatives is to grow internationally – 61 percent of its membership is located outside the United States.

    Santa Monica-based eHarmony, which has more than 20 million registered online users, said in a blog post that it has reset affected members passwords. The company said those members will receive an email with instructions on how to reset their passwords.

    Marcus Carey, security researcher at Boston-based Rapid7, said he believed the attackers had been inside LinkedIn’s network for at least several days, based on an analysis of the type of information stolen and quantity of data posted on forums.

    “While LinkedIn is investigating the breach, the attackers may still have access to the system,” Carey warned. “If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time.”

    The files included only passwords and not corresponding email addresses, which means that people who download the files and decrypt, or unscramble, the passwords will not easily be able to access any accounts with compromised passwords.

    Yet analysts said it is likely that the hackers who stole the passwords also have the corresponding email addresses and would be able to access the accounts.

    NEEDS MORE SALT?

    At least two security experts who examined the files containing the LinkedIn passwords said the company had failed to use best practices for protecting the data.

    The experts said that LinkedIn used a vanilla or basic technique for encrypting, or scrambling, the passwords which allowed hackers to quickly unscramble all passwords after they figured out the formula by which any single password had been encrypted.

    The social network could have made it extremely tedious for the passwords to be unscrambled by using a technique known as “salting”, which means adding a secret code to each password before it is encrypted.

    “What they did is considered to be poor practice,” Landesman said.

    LinkedIn officials declined to comment on the criticism, saying it was discussing the breach only on its official blog.

    LinkedIn engineer Vicente Silveira said in a blog that the company had instituted new security measures to protect customer passwords, including the use of salting techniques.

    The breach at LinkedIn comes after a security researcher last year warned that the company had flaws in the way it managed communications with browsers to authorize logins, making accounts more vulnerable to attack. The company responded by tightening its procedures for logins.

    LinkedIn was co-founded by former PayPal executive Reid Hoffman in 2002 and makes money selling marketing services and subscriptions to companies and job seekers.

    LinkedIn shares closed 8 cents higher at $93.08 on Wednesday.

     

  • Origin Storage 09:04 on 07/06/2012 Permalink | Reply
    Tags: Data Breach, ,   

    Telford and Wrekin Council fined £90,000 following disclosure of vulnerable children’s data 

    Telford and Wrekin Council has been issued with a penalty of £90,000 by the Information Commissioner’s Office (ICO), following a breach of the Data Protection Act (DPA) involving the disclosure of confidential and sensitive personal data relating to four vulnerable children.

    The fine was issued following two similar data breaches, which occurred within two months of each other.

    The first occurred on 31 March 2011, when a member of staff working in Safeguarding Services sent the Social Care Core Assessment of one child to the child’s sibling instead of their mother, who lived at the same address. The assessment included sensitive details of the child’s behaviour. It also included the name and address, date of birth and ethnicity of a further young child who had made a serious allegation against one of the other children.

    The second breach concerned the inclusion of the names and addresses of the foster care placements of two young children in their Placement Information Record (PIR). The PIR was printed out and shown to the children’s mother, who noticed the foster carers’ address. The Council then decided to move the children to alternative foster care placements to minimise the effect on the data subjects concerned.

    An investigation carried out by the Council following the first breach found that the relationship records set up on the children’s information system, Protocol, for the children involved in the first incident, were not populated with adequate information. The Protocol system was set up so that the details of individuals were printed automatically on the assessment, although a user could tick a box to ensure that the details weren’t printed. There was also no process in place to check the documents before they were posted out.

    Its subsequent investigation, following the second breach, found that the default setting on the Protocol system was to include the foster carer’s details in the PIR, and there was no process in place to check the PIR after it was printed.

    The ICO’s Deputy Commissioner and Director of Data Protection David Smith said:

    “The decision by the ICO to issue a penalty in this case reflects its seriousness – these were two very similar data breaches which occurred within a short space of time, and both involved highly confidential and sensitive personal data.

    “Most importantly, some of the people affected were vulnerable children, two of whom had to be moved to a new foster home as a result of the second data breach. It is the responsibility of all organisations – especially where children or other vulnerable people are involved – to keep sensitive personal data secure.”

    The Council has now committed to taking action including providing Safeguarding Services staff with further training and support on data protection and information security as well as on using the Protocol system. They are also introducing formal guidance on checking documents printed off the Protocol system, and making changes to its configuration.

     

  • Origin Storage 12:55 on 06/03/2012 Permalink | Reply
    Tags: Data Breach,   

    Data Encryption Software: Avnet Servers Stolen, ICO Looking Into Breach 

    The UK’s Information Commissioner’s Office is looking into a data breach that occurred in December 2011. According to channelregister.co.uk, Avnet Technology Solutions suffered a data breach on December 21 when “unknown parties broke into” their offices. Could the use of data encryption software mollified the ICO? Probably. Was it an option? Well…maybe.

    Server Hard Disks Stolen

    The Haslingden, Lancashire offices of Avnet were broken into on December 21, 2011. Server hard disks — and not the servers themselves — were stolen. These contained data on staff and customers related to the acquisition of Bell Micro. While channelregister.co.uk originally reported that addresses, bank account numbers, sort codes, passport numbers, and national insurance numbers were stolen, it was later contacted by Avnet, and a correction was issued: passport and national insurance numbers were not part of the stolen data.

    Avnet would not confirm how many people were affected by the breach, or how many hard disk drives were stolen.

    The thing about servers is that, generally, people don’t want to use disk encryption software on them because of its negative impact on system resources. It depends from server to server, of course: if a server is accessed every five seconds, then encryption software would probably not impact it negatively. However, if the server is running at 100% all the time, then that computer needs all the resources that can be spared and then some.

    What kinds of servers were involved in the Avnet case? We don’t know. We do know, however, that the breached data was probably not needed on a 24/7 basis. Of course, what else was on these servers is unknown, so it’s hard to decide whether encryption would have been a viable data security measure in this particular case.

     

  • Origin Storage 12:41 on 13/02/2012 Permalink | Reply
    Tags: Data Breach, , unecrypted laptops   

    Eircom confirms data breach after unencrypted laptop theft 

    Data Protection Commissioner slams Irish telecoms giant for “bog standard” security failings

    Irish telecoms firm eircom has confirmed the theft of three laptops containing personal information of over 7,000 customers.

    According to the Irish Independent, details of more than 7,000 mobile phone customers and employees were compromised while bank account or credit card details of 550 eMobile and Meteor customers was also potentially at risk.

    Two of the laptops were stolen from eircom’s Dublin offices in December last year while the third was taken from the home of an employee. It was this laptop that contained the names and address of nearly 700 eircom employees, the Irish Independent says.

    The laptops stolen from eircom’s office contained personal information of 6,441 eMobile business customers. Nearly 150 of these contained financial or bank details. Another file contained details of just over 400 Meteor post-pay customers, the report said.

    The laptops were not encrypted.

    Paul Bradley, head of communications at eircom, apologised to customers and said two separate investigations are underway. He added that no evidence had yet been uncovered that the data had been used by a third party.

    However, the group was slammed by Irish Data Protection Commissioner Billy Hawkes. Speaking to RTE, he said the breach is one of the “most serious” his team had faced, “For two reasons: Because of the nature of the financial data that was on the unencrypted laptops puts people at risk of data theft and secondly the long delay in telling people that their data had been compromised and giving them the opportunity to protect themselves.”

    Hawkes said that data breaches should be reported within 24 for 48 hours and that eircom’s explanation that it was waiting to find out what data was on the laptops before notifying people was “not acceptable”.

    He was said that encryption on laptops that contain personal information is “bog standard security” and that it is “extremely surprising that in two separate incidents eircom laptops were not encrypted.”

    The Data Protection Commission confirmed it is investigating the incident

     

  • Origin Storage 10:44 on 29/07/2011 Permalink | Reply
    Tags: , , Data Breach, , , , , ,   

    Sun, Sand, Sea and Security Survey 2011 

    Work obsessed Brits abroad – 73% of workers check emails whilst on holiday
    And a further 62% admit their boss expects to be in touch with them whilst enjoying the summer sun.

    London (UK), July 2011: Bags packed, flights booked and foreign currency in their pockets. The workforce might be jetting off but they’re definitely not leaving the daily grind behind. Instead –according to a survey conducted by the secure storage specialist Origin Storage – of 1,000 office workers in the City of London, a whopping 73% of workers will check in with the office, whilst on holiday. The results also show that over 50% of those planning a summer break abroad will remain in contact with the office every day to ensure things stay on track during their absence, by checking email accounts and text. Of this group, 32% check their emails more than once a day and if you’re the boss, it seems you never truly rest as 83% admitted that they will be in touch with their offices throughout their entire vacation.

    Key Highlights :

    • 73% of workers phone, text or email their places of work during their holiday of which 54% will check emails at least once a day and 32% more  than once a day!
    • 41% take mobile devices on holiday for work purposes
    • 62% expect their employers to contact them whilst away on holiday
    • 44% of respondents feel that being contactable gives them job security
    • 51% of laptops are left totally unsecured without even a password for protection
    • Only 26% of these laptops will be encrypted

    Paranoid or Laid Back – which are you?
    We are divided. 39% of our sample group felt less stressed after checking emails whilst another 39% admitted checking their emails would leave them more stressed.
    22% are undecided.

    Over 50% of respondents have no security on laptops at all!
    In a worrying new statistic, 51% of those storing work on their laptops are doing so without any security whatsoever with not even a password for protection! Let’s hope they’re not left behind at the airport, in a café or on the beach.

    From the horse’s mouth:
    Jane, City PA from Harpenden:”My director feels he can contact me at any time for the most inane of queries, ‘Where is the contacts folder?’ or ‘What time did you book me on my flight to Geneva?’ and I feel it’s an invasion of my privacy. I was even called off the beach by the hotel reception because my mobile was not picking up signal so my boss called the hotel directly.”
    Mike, CEO from Barnes: “I absolutely expect to contact my staff when on holiday. If they don’t want the job, there are thousands who do. Myself included, can we really afford not to work all the hours in this economic climate? I think not. I know I feel better knowing that things are ticking over nicely whilst I’m away so I don’t come back to an unmanageable workload.”
    Speaking on these results, Andy Cordial, MD of Origin Storage concludes, “We seem to have changed to a nation of workaholics. Only 23% (a jump from the survey conducted just 8 months ago from 35%) of our respondents have no contact whatsoever with work during their holiday which puts them firmly in the minority. Although on the surface this may seem like a good trend, especially for cash struck organisations, we deal with the aftermath from these industrious workers when company secrets have gone AWOL. The reality is that when corporate information is accessed from a mobile device, whether it’s personal or company owned, and it’s misplaced there are consequences”.

    Cordial continues, “Who is to blame? Is it the employee who just can’t let go or the employer for making them feel that they have to be accessible in the first place? Regardless of why it’s happening, our advice to the corporate world is: if you expect to contact your staff while away then it is down to you to secure their devices. Especially as the Information Commissioner’s Office are under pressure to flex its muscle and fine up to £500K for data breaches. Take the opportunity to re-evaluate your security – especially of your mobile devices, and perhaps invest in some holiday insurance of your own.”

    This survey was carried out amongst 1000 city workers by interviewing them at London Bridge and Monument station commuter platforms during July 2011

     

← Older posts

c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
esc
cancel