ISEEU Global calls for ban on USB memory sticks
Tuesday, 18 May, 2010
Protecting sensitive data costs money and with new legislation in place which means heavy fines of up to £500,000 for organisations that breach data security rules, IT security solutions provider ISEEU Global is calling for a ban on the use of USB memory sticks and other portable media used to store and transmit personal data in the police service.
Police forces spend tens of thousands of pounds trying to protect sensitive data, via restricted networks, trusted computers, secure mail services and expensive couriers however, high profile cases of serious security breaches continue. ISEEU is warning police authorities that failure to address the issue of data loss in the police service once and for all will cost forces hundreds of thousands of pounds, put confidential files and sensitive intelligence at risk.
Phil Bullivant, director of ISEEU, commented: "The catalogue of data losses in the police service is unacceptable. Just two years ago, a USB stick from the Police National Computer containing 377,000 records including personal details and intelligence on 33,000 serious offenders, dossiers on 10,000 'priority criminals' and the names and dates of birth of 84,000 prisoners in England and Wales was lost by a private consultancy firm appointed by the Home Office.
The widespread ramifications of such a serious data loss are significant, potentially leading to police informants being at risk of reprisals, named offenders seeking rehousing or police protection not to mention individuals demanding compensation.
"Despite this, police data losses are still occurring. Lothian and Borders Police admitted last year that it had lost an unencrypted USB stick containing vehicle registrations and other important information. And even MI6 are not immune to data breaches - last year an MI6 agent left an unencrypted USB stick containing years of drug trafficking intelligence on a bus in Columbia."
Phil Bullivant continued: "It is clear that removable storage devices and other portable media can be a recipe for disaster for the police service and they should have a government health warning on them at the very least. In a private company such embarrassing and potentially damaging incidents would lead to a wholesale review of procedures and police forces should be no different. With the Government taking a muchneeded tougher stance on the issue of data loss, now is the time for police organisations to review data protection and put systems in place to protect sensitive information."
ISEEU Global can help police authorities cope with the plethora of confidential information that is routinely despatched to solicitors, forensic labs as well as external organisations such as the Information Commissioners Office and the DVLA - often without an audit trail specifying who has access to the sensitive information. This will become even more critical in January 2011 when the Management of Police Information (MoPI) national standard for the consistent use of police operational information and how it is recorded, reviewed and shared becomes legislation.
ISEEU Global has developed a low cost, highly secure, audited point to point data access and transfer solution to enable police staff to work without compromising data integrity.With full 2 factor authentication, encrypted data content and virtually unlimited files sizes, ISEEU Global Police Workforce Accessibility incorporates two highly secure functions to connect remotely to all administrative applications and data transfer technology to virtually courier confidential data. The solution also incorporates full administrative and workflow control enabling managers to see at the click of a button who has accessed particular files and provides a full audit report on activity. The technology integrates seamlessly with forces' own systems and complies with government security standards (CESG: CHECK accredited).
Investing in a robust, secure IT solution which allows safe transmission of sensitive data would make the police service's current reliance on removable media redundant.
Phil Bullivant concluded: "Police organisations need to stop fire-fighting individual instances of data loss and start getting to the root of the problem. A review of IT infrastructure is urgently required to address the issue of data access and transfer. The cost of implementing secure remote access and transfer solutions is not significant
compared to the heavy fines as well as the cost to police force's reputations for losing valuable, confidential data.
"While the appeal of the USB stick lies in its ease of use and cost effectiveness,
perhaps now is the time to ban their use or at the very least ensure they come with
cigarette-style warnings - 'use of this USB could seriously threaten your data security and cost your force hundreds of thousands of pounds."
• For more information on ISEEU Global visit www.iseeuglobal.com