Companies and public bodies are not doing enough to protect customers’ data, the UK’s privacy watchdog and a major survey of security have said.
The Information Commissioner said that the 94 security breaches reported to him last year was an “alarming” number.
The survey of more than 1,000 firms suggested that almost 90% of them let staff leave offices with potentially confidential data stored on USB sticks.
Firms and public bodies were urged to make data protection a priority.
Information Commissioner Richard Thomas said of the 94 data breaches, two thirds were committed by government or other public sector bodies.
Data had been recovered in only three of the 94 cases, he said.
The material included personal details of UK citizens, including health records.
“The evidence shows that more must be done to eradicate inexcusable security breaches,” he said.
Mr Thomas’ findings and the separate Information Security Breaches Survey will be detailed at the InfoSec show in London, the world’s largest event of its kind.
The survey was carried out by Price Waterhouse Coopers on behalf of the Department for Business Enterprise and Regulatory Reform.
According to the survey, almost 80% of firms that had reported a stolen computer had not encrypted data on the hard drive.
Chris Potter, from PricewaterhouseCoopers, which compiled the survey, told BBC News that overall attitudes to security had improved in the last 12 months.
System failures
“Companies have focused on the areas which have caused them most damage in the past, such as viruses and system failures.
“These tend to have caused the greatest cost in terms of business interruption.”
But he said the “biggest concern is around the protection of customer data, which companies clearly want to be good at.
“Sometimes that’s not translating into real action.”
He said particular threats were around the lack of encryption of data on laptops, the use of USB memory sticks and newer technologies like Voice over Internet Protocol.
“In all these areas the controls are not as strong as they are over traditional threats,” he said.
Mr Potter’s comments were echoed by those of the Information Commissioner.
Mr Thomas said: “The government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information.
“Once again I urge business and public sector leaders to make data protection a priority in their organisation.”
Of the total reported to the commissioner, 62 security breaches were in the public sector, 28 were in the private sector and four in the charity or third sector.
Of those reported by public sector bodies, almost a third happened in central government and associated agencies, and a fifth in the NHS.
According to the PricewaterhouseCoopers report, fewer companies today are encrypting data on laptops than two years ago, despite a recent spate of high-profile instances of laptop losses with unencrypted information.
Mr Potter said: “We have seen in successive surveys that companies tend to be very good with preventing yesterday’s problems. Companies need to say on their toes to make sure they are addressing tomorrow’s problems.”
The report found that the number of attempts to hack into company networks had risen dramatically over the last two years.
“What is a really big concern is the proportion of large businesses that say hackers have got into their networks,” said Mr Potter.
Two years ago one percent of large businesses reported a hacker penetration compared to 13% in the current report.
The survey also said that figure was likely to be under-reported because many large firms did not admit to successful hacks on their networks.
Security breaches cost UK business roughly several billions pounds a year, said the report.
BT has backtracked on claims that half the country will receive speeds of 12Mb/sec or greater on its new 21CN network.
Whilst briefing journalists at its Gatwick headquarters last month, BT Wholesale’s managing director of products and strategy, Cameron Rejali, told us that “We think 50% of lines will have 12Mb/sec or better,” under 21CN.
But PC Pro subsequently discovered that just weeks before, BT Wholesale had told ISPs that its lab tests revealed 50% of households would only be expected to achieve speeds of at least 6.3-9.3Mb/sec. The figures were published on the BT Wholesale website, from a meeting held with ISPs on 13 February.
When PC Pro first asked BT why there was such a large discrepancy between what the company had told ISPs and what Rejali had told journalists, a spokesperson told us the data on the website was old.
However, BT has this week admitted to PC Pro that the figures are indeed the latest available data and has attempted to distance itself from Rejali’s earlier remarks.
“I can confirm that the figure which states that 50% of UK households can expect to achieve speeds of 6.3-9.3Mb/sec is the latest lab trial data,” a spokesperson told us. “However, it is very difficult to predict the actual speeds that customers will receive once WBC [BT Wholesale Broadband Connect] is rolled out on a nationwide scale.
“Testing and trialling continues and estimates of line rates and coverage may change. For example, customers that today take the DSL Max service (up to 8Mb/sec) are receiving higher line speeds than were predicted during the DSL Max trial, hence Cameron’s comments that 50% of UK households could well achieve higher speeds than the current lab trial data indicates.”
When we pressed the spokesperson on what figure BT thinks is now the most reliable indicator of what customers are likely to receive, she said “we should go with the 6.3-9.3Mb/sec figure”.
ISPs who have been working closely with BT on the 21CN trials have told PC Pro that they too don’t expect most customers to achieve anything close to the headline speeds. “Not many are going to get anywhere near 24Mb/sec,” James Blessing, chief operating officer of Entanet told us.
“If you’re getting above four meg [currently] you’ll see an increase. If you’re getting below four meg, some people actually get a slight decrease.”
Those views are echoed by Thinkbroadband.com, which has researched the speeds customers can expect using ADSL2+ on BT’s new network. “Those who go fast now are going to go even faster,” says site editor, Andrew Ferguson. “Those on 1-1.5Mb/sec are going to see perhaps half a meg extra.”
BT WHOLESALE’S 21CN SPEED ESTIMATES
% of UK households – Expected to achieve speeds of at least
(Max) 12.3-16.3Mb/sec
10% 12.1-16.2Mb/sec
25% 10.9-14.7Mb/sec
50% 6.3-9.3Mb/sec
75% 3.3-5.0Mb/sec
Source: PC PRO
A CITY councillor has had his access to the Chester City Council’s computer network temporarily denied after being accused of sending inappropriate emails.
Cllr Max Drury, 60, has already said sorry to Lib Dem group leader Paul Roberts (Farndon) and his wife as well as Cllr Gwyneth Cooper (Lab, City & St Anne’s), Cllr Paul Cheetham (Lib Dem, Vicars Cross) and “anyone” else offended.
City council spokesman Mike McGivern said: “Chester City Council has temporarily withdrawn its Information & Communications Technology (ICT) service from Councillor Max Drury. We are in discussions with him to reinstate his ICT connection as soon as is practical.
“Anyone wishing to contact Councillor Drury via the city council’s e-mail system should email: memberservices@chester.gov.uk.”
Cllr Drury (Curzon & Westminster) got embroiled in the saga after responding to a round-robin e-mail inviting members on a site visit to a colleague’s ward.
In an unrelated matter, Cllr Drury was arrested on March 2 on suspicion of breaching an harassment order.
Cllr Drury has not been selected by the Conservatives to stand for Overleigh – which covers the area he currently represents – but will be standing for City ward in elections for the new West Cheshire and Chester Council on May 1.
Cllr Drury was not available for comment.
Source – Mar 13 2008 by David Holmes, Chester and Cheshire Chronicle
PARENTS are being given a chance to bridge the gap between their children’s and their own computer skills.
A new course at Whitchurch Junior School is making sure young technology whizzes can no longer put the older generation to shame!
Family learning tutor Sally Whelan of Shropshire County Council visits the school every week to work with a group of seven parents.
This is her third set of sessions at the school, following earlier maths and English courses – all called Keeping up with the children.
The aim is to enhance parents’ skills and give them an understanding of the school syllabus so they can better help their children with work at home.
Headteacher Matthew Copping said: “Parents can improve their own skills, see what we do in school, and see how IT can help develop other subjects.
“For the first time, we are giving children a chance to come out of lessons to join their parents for a short slot in the sessions.”
The next Keeping up with the Children course has yet to be confirmed, but Mr Copping hopes to run another English course.
Source – Cheshire Chronicle
HSBC has become the latest organisation to lose hundreds of thousands of customer details on an unencrypted disc.
The disc contains the names, dates of birth and insurance cover details of 370,000 people who hold life assurance policies at the bank.
The disc went missing after being sent by Royal Mail courier to the bank’s insurance partner, Swiss Re in February.
Such information is normally sent over a secure internet connection, but it wasn’t working on the day
Amazingly, given the furore surrounding Customs losing 25m personal records in near identical circumstances last November, nobody at HMRC though it wise to encrypt the contents of the disc, relying instead on flimsy password protection.
“The data disc lost by HSBC contains no address or bank account details for any customer and would therefore be of very limited, if any, use to criminals,” HSBC claims in a statement.
HSBC has informed the Financial Services Authority (FSA) of the loss and says it will contact the affected customers.
Last year the FSA fined Norwich Union 1.26 million for exposing its customers to the risk of fraud, when it lost a laptop containing sensitive data.
Source: Pc Pro
