Security Blunders Presentation UK 2014


Published on

Learn about some of the simple errors people have made when handing their confidential data, this presentation was based on a Shredded Neat piece of research into blunders from the last 20 years, it is meant to be lighthearted!

Published in: Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Security Blunders Presentation UK 2014

  1. 1. Data Security What not to do! UK Data Losses Shredded Neat Limited
  2. 2. Data - Why worry ? • DPA introduced 1984 • Administered by ICO • April 2010 new powers to issue DP ‘Notices’ and pursue through courts • 13,802 cases last year • 372k registered under DPA • 58 spot audits in 2013/13 UK Data Losses Shredded Neat Limited
  3. 3. What could it cost me? • ICO levied £4.25 million in fines on 40 organisations • Average fine £106k • FCA/FSA £7.77 million on just 7 organisations • ICO Max fine £500k and FCA unlimited UK Data Losses Shredded Neat Limited
  4. 4. Our Own Survey • Looked at recorded prosecutions over 20 years, plus: • Internet search of major data breaches • Press and media researched • Pulled together our own statistics and case studies UK Data Losses Shredded Neat Limited
  5. 5. Data Media Losses UK Data Losses Shredded Neat Limited
  6. 6. Secure Paper Losses • Paper in use since 1495 • Digitisation presents challenges dealing with redundant archives • Cloud archiving has specific problems in terms of security • Documents still carried to and from work on various forms transport • Unshredded documents often put in general waste UK Data Losses Shredded Neat Limited
  7. 7. Benji the Bin Man • Benjamin Pell made a living going through rubbish • Professional Muckraker • Drove round London in Hi-Vis emptying bins into his vehicle • Prominent firms and people targeted, paid by newspapers • Police found 200,000 documents in his shed after his arrest! UK Data Losses Shredded Neat Limited
  8. 8. Other data storage UK Data Losses Shredded Neat Limited
  9. 9. Portable Data Media • Seagate devised 1st HDD in 1980, 5Mb, by 2013, latest PCs 4Tb • Or from 5 novels to a library with 4m books • Mem.sticks 1st used 1980s, can hold 128 Gb, convenient to carry – easy to lose! • Mobiles 1990’s, 50% ‘smart’ 25,000 stolen in London per week UK Data Losses Shredded Neat Limited
  10. 10. West African News! • Old pcs/laptops began arriving in Ghana few years ago, Ghanaians welcomed donations to help bridge digital divide. • E-waste dealers set up shop close to port, display 40ft containers they bought in UK – HDDs salvaged are displayed at open-air markets. Organized criminals comb through HDDs for personal information to use in scams. • Totally outside UK regulation & contribute to some of 217,000 ID fraud cases in the UK. UK Data Losses Shredded Neat Limited
  11. 11. Where do losses occur? • Paper losses from offsite storage, during office moves & blown out of doors & windows • Theft of high value laptops/mobiles from houses, trains & cars • 50% of all losses in transit occurred after being in the pub or a restaurant UK Data Losses Shredded Neat Limited
  12. 12. Inverness Police • In 2000, hundreds of documents found blowing across local tip • Internal files on 126 cases incl. bike thefts, drug offences and serious sexual cases • Defendants clearly identifiable • Major inquiry launched by Police • Member public sent bundles found to the local newspapers • Police unable to say how these bypassed their procedures UK Data Losses Shredded Neat Limited
  13. 13. Data Loss Threats
  14. 14. Most Common Threats • Single or compound threats • Excl. misdirected comms. • Intentional e.g. hacking or criminal or accidental, when an event occurs and data falls into other hands or public domain
  15. 15. Reputational Damage • In 2011 Oliver Letwin papped on five separate days • Dumped docs in waste bins in St. James Park • 100 documents retrieved by the photographer • Comprised briefing papers and constituency mail • MP and Minister of State in Cabinet office – Nice one Ollie 
  16. 16. Personal Liability • Richard Jackson 2008 • Left files on Train out of waterloo • Contained Joint Intelligence Committee report on Al Queda & MoD report on Iraq’s defence capabilities • Commuter passed them to the BBC • Richard (Dick) fined £2500 and severely reprimanded by Civil Service
  17. 17. Security what security? • Former Home Secretary David Blunket 2002 • Documents found outside a Sheffield Pub • Aerial Photo’s of his home and detailed alarm systems info & his usual daily routine in papers • Ex-soldier found the papers and gave them to S. Yorkshire Police
  18. 18. Graham Clements whoops! • UK MD of Ischida Corp. Japan. • Gives old Blackberry to his IT dept to recycle • Attends his 1st Board Meet to find his Blackberry No1 item in agenda • Data on it – Business Plans; bank accounts; Corp info & his children • Damaging publicity just averted by fact the phone was recovered by Glamorgan University who were researching mobile phone abuses
  19. 19. Protect yourself! • Ensure DPA complaint processes • Resources needed often outside scope smaller companies • Secure storage of paper on site • CRB check cleaners and FMCo • Ensure all data containing media controlled • Encryption of data taken offsite • Certification to BS15713 contractors not badges!
  20. 20. Contact Details • • Call free 0800 234 6660 • Shreddedneat@Shreddedneat • • • UK Data Losses Shredded Neat Limited