A Royal Navy officer misplaced a government laptop containing personal information; security firms offer advice on steps to secure data

It emerged yesterday (9th January 2008) that a Royal navy officer had misplaced a laptop containing the data of 600,000 people.

In a statement to the House of Commons, Defence Secretary Des Browne revealed that by not encrypting data taken outside of the Ministry of Defence (MoD) the department had not followed its own security procedures.

Two further laptops were also revealed to have been stolen, one in Manchester in October 2006 and one in Edinburgh in December 2000.

Alan Bentley, vice president of Lumension Security EMEA (formerly PatchLink), commented: ‘At the heart of all the recent data losses, is a lack of awareness and coherence to the organisation’s security policies. The ‘human factor’ is often the weakest link in any security armour.’

“At the heart of all the recent data losses, is a lack of awareness and coherence to the organisation’s security policies. The ‘human factor’ is often the weakest link in any security armour.

Alan Bentley, vice president of Lumension Security EMEA

He added: “Educating employees over the risks of data theft needs to be tackled first. Implementing policy, which employees will adhere to comes second…Unless, employees start to understand that their job is on the line if they fail to follow procedures, this culture of careless data handling will continue.’

‘In the meantime, organisations that hold sensitive data should lock down their databases, so that employees can not download data onto mobile devices and take it outside the organisation.’

Absolute Software added that the nature of the loss reinforces research conducted by the firm which showed that nearly half of those surveyed said their company’s data was threatened by employee negligence.

William Pound, senior director, International Operations, Absolute Software also highlighted steps that can be taken to secure the data. Ranging from the obvious; not leaving laptops unattended, through to tactical, such as installing anti-virus and firewalls; to the strategic such as creating a contingency plan.