Heathrow Airport received a £120,000 fine late last year for allowing a data breach by way of an un-encrypted USB stick being misplaced and falling into the hands of a national newspaper. The stick, which contained 76 folders and over 1,000 files, was not encrypted or password protected.
“The stick held a training video containing names, dates of birth, vehicle registrations, nationality, passport numbers and expiry, roles, and mobile numbers of 10 individuals involved in a particular greeting party, and also details of between 12 and 50 (exact number unconfirmed) Heathrow aviation security personnel, ” the Information Commissioners Office (ICO) said in its penalty notice.
Since then there have been many further reported (and undoubtedly unreported) breaches as a result of USB loss or theft.
What happened in the Heathrow case?
While it’s easy to say that it’s easy to lose a USB stick and that there’s little a company’s directors can do to mitigate such a data breach scenario, in issuing the fine, the ICO also pointed out that less than 2% of Heathrow’s 6,500 staff had even received data protection training.
Other concerns noted during the investigation included the widespread use of removable media in contravention of Heathrow’s own policies and guidance and ineffective controls preventing personal data from being downloaded onto unauthorised or unencrypted media.
This is despite the fact that most businesses now rely more and more on IT to support their activities, and this makes them increasingly vulnerable to threats from hackers, viruses and even from malicious or careless actions their own staff as in the Heathrow case.
How can you ensure your company does not fall victim to data breach?
Having the correct solutions, policies and training in place can make the difference between success and failure for your company – strong IT security has never been so crucial.
Information also needs to be protected if you share it with other organisations. For many businesses, the internet has replaced traditional paper-based methods of exchanging information. It can be sent and received faster, more frequently and in greater volume – but the internet in itself brings its own security issues which businesses must consider.
Having an effective IT security polity in place can help you control and secure information from malicious changes, deletions, data breach, or from unauthorised disclosure. And while cloud storage and collaboration services offer some peace of mind to the business, unless USB ports are locked down (and therefore potentially negatively impacting user productivity in other ways) then encrypted USB drives can offer another layer of peace of mind for IT departments.
How can encrypted USB help your business?
Kingston Technology’s encrypted USB drives provide the security needed to protect your confidential business data at all times; protect your organisation’s sensitive and business critical data by standardising on an encrypted Kingston DataTraveler or IronKey Flash drives.
With several models and capacities to choose from to suit all types and sizes of organisation, there’s always one that’s ideal for your company’s needs. Whether mobile data security is a priority, or you have to demonstrate compliance with data-at-rest directives, laws, standards or global regulations such as GDPR, Kingston’s encrypted USB drives are built for all scenarios. Check out this short video of the DTVP30 range to find out more.
How we can help
Complete IT Systems and Kingston Technology have the solutions, experience, accreditations and skills to provide your business with the security solutions you need. For more information call us on 01274 396 213 or contact us and we can call you back.
References
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/heathrow-airport-limited-fined-120-000-for-serious-failings-in-its-data-protection-practices/
