On January 8 of this year, a billing manager with United HomeCare Services Inc. left a work laptop in her car for ten minutes. This was all it took for an opportunistic thief to smash the window and steal the device. While the billing manager had permission to take the laptop home with her, data regarding 13,617 clients was stolen. This information included names, social security numbers, dates of birth, home addresses, service dates, health plan numbers, and diagnoses, dating back as far as 2002. [Source: PHI Privacy]
It’s unclear whether the data was encrypted, or what other security measures are in place, but it’s obvious to see that – at the very least – five minutes of training could have prevented this breach. Of course, training alone isn’t going to protect your data: people’s memories slip, confidence erodes behavioural measures, and in (hopefully) rare cases, an employee might deliberately allow such an event to happen. In the event that a mobile device like a laptop, USB stick or mobile phone does go missing, you need to know that your data is as secure as it can possibly be.
The key facets that you need to control are:
- Authentication control
Ideally using two keys (passwords, tokens, biometric).
Wherever data is held – centrally, on mobile devices and in cloud storage.
- Access to data
Control who has access to which data sets.
- Confidentiality, integrity and accessibility
The cornerstone of data security – you need confidence in your data and protection measures.
In the event one of your devices goes missing, you need to know that the measures in place will keep your data safe, no matter whose hands it falls into. If you want to make sure your data is encrypted and as safe as possible, we recommend Sophos SafeGuard Enterprise. It covers the whole spectrum of data storage for your business, and is designed to integrate without reducing productivity or interfering with day-to-day business processes.
Find out more on our Security Products page, or pick up the phone and call +44 (0) 845 070 1750 to chat to us about what your organisation needs to be secure.