Common employee gadget blamed for record data breach
February 17, 2009 by Sam Narisi
One company has just experienced what may be the biggest and most expensive case of data theft in history. The culprit: a common tool many employees use every day.
Heartland Payment Systems, a N.J.-based provider of credit and debit card processing services, recently discovered that the personal records of more than 100 million card holders were stolen.
Experts say the theft may have been the result of a lost or stolen USB memory stick, a small device that works as a portable hard drive. Many employees use them to transport work-related documents between their homes and the office.
Their small size and portability make memory sticks a bigger risk for lost data than other devices. For example, more than 12,500 of them are left in the back of taxis every year, according to an estimate by security firm Credant Technologies. Another 9,000 turn up in the pockets of clothes dropped off at the dry cleaners.
The key to transporting data safely: creating and enforcing a policy.
Any device used for work documents should be issued or approved by IT, so the proper security measures can be put into place.
February 25th, 2009 at 3:36 pm
It seems to me that someone working with credit and debit info should not be permitted to take this information off site to do work due to the sensitive nature of the information involved. There have been so many instances in the past couple of years with the breaching of personal data and other sensitive information as well as an increase in identity theft, it would just make sense to keep this type of information on site to help protect the security of the information. As individuals we have so many things we need to do to protect our personal information and then a company allows this type of practice that makes us vulnerable through no fault of our own.
June 16th, 2009 at 1:17 pm
I agree with Kelly. As far as I’m concerned, companies that have had problems are not punished nearly enough to make them want to change. Look at some of the security problems in the past and the company only gets slapped on the hands and says that they must provide monitoring free of charge for the next two years for the consumers. Big Deal!!!!! What about when we get a criminal that’s smart enough to gather lots of data and then lay low for 3 or 4 years and then go out and have a grand old time using the information. Here where I work I do not have any CD-RW drives, no floppy drives and the USB ports are locked down unless you have admin rights. I try to limit as much as possible, but even then there are still ways but at least we are trying.
June 17th, 2009 at 7:30 am
Encrypt the entire drive. I must take my memory stick with me which contains budget information and hundreds of customer addresses and other confidential information. While I make sure I have a backup stored on a secured desktop computer in case the stick becomes unreadable, I have also encrypted the portable drive in the event it is stolen or lost and someone tries to access the information. Without the encryption I am forced to password protect dozens of files individually or take the chance that it won’t be lost or stolen. The software (TrueCrypt) was free, easy to install and gives me peace of mind. I’m not 100% sure if it’s foolproof but for the casual finder (as opposed to thief) inserting the device will only bring up a request for a password (my password is over 20 characters). You can choose to keep some files unencrypted separately and they are available for anyone easily. I’ll never have a portable device without this feature again.