Dear editor,
Surrey County Council’s revelation that the health records of 241 patients were emailed to the wrong people, and Citigroup’s statement that details of 360,000 customer accounts were leaked, is truly shocking.
While the Council data loss was caused by human error, and the causes of the bank’s is yet to be confirmed, one thing is clear; neither organisation had appropriate data leak prevention measures in place. At a fraction of the cost of the ICO fine, a simple software-based content filter could have been set up, prohibiting the sending of sensitive data to unauthorised email addresses. Done in the right way, this would maintain the integrity of data security, without impacting on the efficiency of the business. The right solution can even be used to prevent malware from sending data to an external email or IP address.
Until businesses take data leak prevention seriously, breaches like this will continue. It is only when a business realises the massive damage that data breaches can cause, both in terms of fines and damage to reputation, that they do something about it. As the ways in which data can be accessed and leaked continue to multiply, having a robust DLP strategy is going to be of paramount importance to all businesses.
Alexei Lesnykh, Business development manager, DeviceLock UK