Leaving the back door open on data security

Leaving behind some papers on a train. It has happened to lots of us. My
colleague once left her mortgage application ­ complete with bank details ­ on a
train. But, unlike some civil servants of course, most of us don’t usually carry
top secret intelligence on our person.

However, the sheer quantity of the information we can and do carry around
means there’s probably something very confidential on our laptop or BlackBerry.

The HMRC CD disaster highlighted how easy it is to send ­ and lose ­
confidential information.

The Information Commissioner recommends that personal information which
leaves the building should be encrypted.

Retailer Marks & Spencer was ordered to encrypt its laptops this year
after one was stolen that contained the personal information of 26,000

And there seems to be a sudden focus on encrypting our various mobile
devices. Laptops are relatively easy to protect ­ the latest premium version of
Windows has disk encryption built in.

PDAs and BlackBerries, for instance, which we tend to leave on all the time
and carry around in public places, are harder to deal with because we don’t want
to have to enter a password every time they are used.

But with all this concern about devices, we’re in danger of missing the main
route by which confidential information leaves the security of our offices.
Every day we send billions of emails, many containing extremely confidential

In the same way that we can store more and more information on our hardware,
we now send more in our emails. With high-speed connections to the internet,
emails routinely have documents, files and spreadsheets attached to them.

Are they safe? In a nutshell, no. Emails are sent over the internet ­ a
public, insecure network. Sending an email is like sending an electronic
postcard. Would you send your clients’ confidential information in the post
without using an envelope?
The only secure way for information to travel outside of the office, whether on
a laptop or in an email, is encrypted.

The government sponsored website getsafeonline.org warns about email use. It
states: ‘Assume anything that is sent without encryption can be read by third
parties’. So, while we shut the front door and encrypt the devices that store
our emails and attachments, we’re inadvertently leaving the back door open as
they travel insecurely across the internet.

David Ford is chief executive of Securecoms Limited

Related reading