Heathrow Airport received a £120,000 fine this week for allowing a data breach by way of an un-encrypted USB stick being misplaced and falling into the hands of a national newspaper.

The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected.

“The stick held a training video containing names, dates of birth, vehicle registrations, nationality, passport numbers and expiry, roles, and mobile numbers of 10 individuals involved in a particular greeting party, and also details of between 12 and 50 (exact number unconfirmed) Heathrow aviation security personnel, ” the Information Commissioners Office (ICO) said in its penalty notice.

What did Heathrow get so wrong?

While it’s easy to say that it’s easy to lose a USB stick and that there’s little a company’s directors can do to mitigate such a data breach scenario, in issuing the fine, the ICO also pointed out that less than 2% of Heathrow’s 6,500 staff had even received data protection training.

Other concerns noted during the investigation included the widespread use of removable media in contravention of Heathrow’s own policies and guidance and ineffective controls preventing personal data from being downloaded onto unauthorised or unencrypted media.

This is despite the fact that most businesses now rely more and more on IT to support their activities, and this makes them increasingly vulnerable to threats from hackers, viruses and even from malicious or careless actions their own staff as in the Heathrow case.

How can you ensure your company does not fall victim to data breach?

Having the correct solutions, policies and training in place can make the difference between success and failure for your company – strong IT security has never been so crucial.

Information also needs to be protected if you share it with other organisations. For many businesses, the internet has replaced traditional paper-based methods of exchanging information. It can be sent and received faster, more frequently and in greater volume – but the internet in itself brings its own security issues which businesses must consider.

Having an effective IT security polity in place can help you control and secure information from malicious changes, deletions, data breach, or from unauthorised disclosure.

How we can help

Complete IT Systems has the experience, accreditations and skills to provide your business with the security solutions you need. For more information on how Complete IT Systems can help your business, call us on 0845 873 9631 or contact us and we can call you back.

References

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/heathrow-airport-limited-fined-120-000-for-serious-failings-in-its-data-protection-practices/

Recommended Posts