Cyber Eye: For crying out loud, encrypt data at rest

By FCW Staff
Published on June 27, 2005


The nation owes a debt of gratitude to California, which last year began requiring that companies doing business in the state notify consumers whose unencrypted personal data has been compromised. Because so many companies do business in California, the law has become a de facto national requirement.

In the wake of this law has come a steady stream of announcements that personally identifiable information on millions of individuals has been lost, stolen or misused. The largest incident (as of this writing) was the loss of data on 3.9 million persons by CitiFinancial, the consumer-finance division of Citigroup. But that is only the latest in a long list of losses reported by financial institutions, data brokers and universities.

Interestingly, although online transactions and the vulnerability of digital data have brought the issue of identity theft to the fore, few if any of the high-profile compromises have involved hacking. Digital data is being compromised at an alarming rate through old-fashioned fraud and the loss of such physical media as notebook computers and tapes.

The message here is clear: There is little meaningful distinction between physical security and cybersecurity.

Treating these two areas separately allows gaps in what should be a seamless security fabric. The best firewalls, intrusion detection and prevention systems, and antivirus programs can’t protect anyone against a notebook loaded with sensitive data being left unattended in an unsecured office, or a box of computer tapes disappearing en route from one facility to another.

The first rule in securing data, no matter what form it is in or what media it resides on, is “be careful.” But policies on the handling of data are difficult to enforce, and the people who run the networks have little or no control over the people who sit at the far end of a network connection or who throw a package into the back of a truck. But there are a couple of things that can be done to stem this data leakage that is rapidly becoming a flood.

