How to avoid 5 common storage mishaps
Blindsided! These companies thought they had their stored data locked tight, but they were wrong. Here's how you can avoid a similar fate.
Computerworld - Think you can guess the No. 1 threat to the security of your stored data? If you said hackers, or even trouble-making insiders, you'd be wrong. While malicious threats are an ongoing concern, it's your well-meaning employees who are more likely to unknowingly expose your company's stored data through, say, a file-sharing network or a misplaced laptop.
In fact, a recent Ponemon Institute study found that negligent insiders are by far the biggest threat to data security, accounting for 78% of all breaches.
In this special report, you'll learn the latest techniques for protecting stored data within company walls as well as stored data that flows freely in and out of your organization on laptops, tapes and other movable media.
And don't forget to take the Storage Networking Industry Association's storage security self-assessment quiz and test how well your stored data is protected. Plus, brush up on storage terms with SNIA's online glossary and resource guide.
Data breaches, unfortunately, have become a way of life for corporate America. According to the Identity Theft Resource Center (ITRC), 2008 saw a 47% increase in documented data breaches from the year before. And those are just the ones that made the news, says Craig Muller, an identity theft expert and founder of Identity Doctor in Irvine, Calif. "I get e-mails constantly telling me of breaches," he says.
The public is definitely feeling the pain. In a 2008 study by the Ponemon Institute in Traverse City, Mich., over half (55%) of 1,795 adult respondents across the U.S. said they'd been notified of two or more data breaches in the previous 24 months, and 8% said that they'd received four or more notifications.
But companies are still not sure how to protect themselves. In a Ponemon survey released last month, only 16% of the 577 security professionals who responded said that they were confident or very confident that current security practices could prevent the loss or theft of customer or employee data.
One way to gain confidence is to examine actual breaches and learn from them. Here's a look at five common types of breaches, with advice about how to avoid similar mishaps.
1. Stolen Equipment
In May 2006, personal data on 26.5 million veterans was compromised when a laptop and a storage disk were stolen from the home of a subcontractor working for the U.S. Department of Veterans Affairs. Both items were recovered, and arrests were made. The FBI claimed that no data had been stolen, but the incident prompted sweeping reform at the VA. However, in January 2007, another breach occurred when a laptop was stolen from an Alabama medical facility, exposing personal data on 535,000 veterans and more than 1.3 million physicians.
Costs: By June 2006, the VA was burning through $200,000 a day to operate a call center to answer questions about the breach. It also spent $1 million to print and mail notification letters. It was given permission to reallocate up to $25 million to pay for those costs. Class-action lawsuits were also filed, including one demanding $1,000 in damages for each person affected. After the 2007 breach, the VA set aside an additional $20 million for breach-related costs. And the department recently agreed to pay $20 million to current and former military personnel to settle a class-action lawsuit.
Blinders: Lost or stolen equipment accounts for the largest portion of breaches -- about 20% in 2008, says the ITRC. According to Bart Lazar, a partner in the Chicago office of law firm Seyfarth Shaw LLP, incidents involving lost or stolen laptops make up the majority of data-breach cases he works on.
Eye-openers: Lazar recommends restricting the placement of personal identifying information on laptops. For instance, don't tie customer or employee names to other identifiers, such as Social Security or credit card numbers; alternatively, you can truncate those numbers. Also, consider creating your own unique identifiers by, for example, combining letters from an individual's last name with the last four digits of his Social Security number.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Using VM Archiving to Solve VM Sprawl This CommVault whitepaper discusses how archiving virtual machines can mitigate VM sprawl with a comprehensive approach to VM lifecycle management.
- Keep Your Network Available, Efficient and Secure Make the most of your network by working with experts who "get it." CDW and F5 have partnered to keep networks highly optimized....
- VCE Converged Infrastructure Enables Continuous Operation for Swiss Power Plant Read how Vblock™ Systems, running in active-active mode, enabled KKL to transform its twin data centers in just two months, enable continuous operations,...
- The Future of IT: A Customer First Approach Explore how customer-first policies can make use of social, mobile and cloud technologies to give workers the freedom and flexibility they desire to...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage... All Data Storage White Papers | Webcasts