Retraining is key to halting data breaches, says expert
Published 28/08/2008 | 10:31
As investigations continue into how the personal details of one million people were discovered on a computer sold on eBay for £35, a Northern Ireland IT expert warned that organisations need to urgently retrain staff who deal with secure information.
Dr Kevin Curran, a senior lecturer in computing science at University of Ulster, said that breaches of personal data can be prevented by better training of staff in organisations dealing with secure information.
Concerns over the storage of personal data have grown after it emerged this week that a computer sold on eBay for £35 contained the details of more than a million bank and credit card customers from the Royal Bank of Scotland, NatWest and American Express.
The hard drive had not been wiped before it was sold.
The incident is being investigated by the Information Commissioner’s Office the UK's privacy watchdog.
Questions have been raised about the companies and organisations ability which house the personal information to keep data secure.
Dr Curran has warned that companies who do not take the time to wipe computers before selling or dumping them are risking breaches of personal data.
Dr Curran added that retraining of staff was key in order to prevent such incidents.
“Most of the people who work in these areas are aware of the dangers,” he said.
“But sometimes people become complacent.
“A lot of companies for years have got computers going out in an afternoon and new ones coming in, but they haven’t got the time to completely wipe the old ones.
“So what they have done in the past is just dump the machines.
“But even machines in a landfill is a danger. If people get the hard disk it could contain anything.”
He added: “The hard drives, unless they are wiped down in a professional, secure manner will always have information which can be recovered by people who know how to do it.
“Businesses and organisations have to be on their toes. Most information now is stored on discs. Criminals don’t need that much information.”
Dr Curran said it was vital people had confidence in those responsible for housing and protecting personal information.
“We have to have confidence that the people in these government departments, organisations or companies know the proper procedures to follow when getting rid of their old computers.
“These incidents do rock people’s faith in government departments, banks and organisations when incidents like this happen.”
Danny Harrison, ID theft expert from life assistance |company CPP, said the number of organisations holding |personal data is growing, from high street shops to government departments and online retailers.
“This can put us at greater risk of identity theft as the potential for security breaches and subsequently loss of personal data increases — regardless of how careful we are with our details.