Insecure USB Costs £120 000 for Police Force – Time to Ban

Posted by: on Oct 17, 2012 | No Comments

The Greater Manchester Police Force are fined £120,000 for losing the details of more than a thousand people under investigation for serious drugs crime on a unsecured USB drive.

The times are changing as many organizations are looking to the cloud for services such as secure file storage. Meanwhile the regular user is still breaching data security policies using USB drives.

The regular user is still going about their business as they used to. And a unsecure USB drive is still a data security weapon of mass destruction. A insecure USB drive has high data storage capacity and allows extreme data transfers speeds.

I advocate a general ban of insecure USB drive within all government

There are still millions of staff in breach daily just in the UK. Civil servants that in ignorance bring sensitive information on unsecured USB drives. Apparently the wrong tool for any type of sensitive information as it lacks all safeguards. They are risking their jobs and risking to expose citizens sensitive information. A regular USB drive provides no integrity as malware and attackers can infect and manipulate your data. And the most apparent threat is that anyone that has unattended access to a regular USB drive for just a few minutes can empty all of its contents without a trace.

I advocate a general ban of insecure USB drive within all government. If there is a valid use for a insecure USB drive it should have to be applied for. The government does not have cars without seat belts and there are regulations and policies for a million other things. Why on earth are we allowing it to be such a easy mistake to create a data breach with an unsecured USB drive. It is an accident waiting to happen again and again and again. Why are we leaving it an excellent police man or dedicated nurse to make a split second decision and risk their careers and the unwillingly hurt the general public.

But the rest of the worlds governments must be thankful that the UK has a decent data protection legislation. If there was no laws that enforced the disclosure of the breach this incident would had never come to our attention. It would have been the same numb silence that we meet in the rest of the EU. The UK is one of the few countries that is no longer suffering of the head-in-the-sand syndrome. The UK is leading the way and now is the time to finally resolve this lingering problem.

In lack of a general ban it is upsetting to see that the will to adopt to reality and adhere to policies is this weak.  Today the central government has left it up to each other body of government to set its own rules of USB usage, and look where it has left us. The usage of secure USB drives is fragmented and in general there are more people in breach than those in line.

BlockMaster has secured hundreds of thousands of users in the UK that now use secure USB drives, among these employees at the Cabinet Office, NHS Trusts, prisons, councils, universities. It may seem that we have solved the problem by now but the statistics of USB usage and the sales of unsecured USB drives say that we have just scratched the surface of the problem. Of course there are other vendors of secure USB drives but it still accounts only to a fraction of the solution.

Managed secure USB drives are today a cheap and effective tool to solve the USB problem. I have been advocating getting rid of unsecured USB drives for professional users all the way back  since 2005. Today there is no longer not any valid excuse to not resolve this problem. The secure USB drive technology is well developed, well tested, works everywhere (Mac, Windows, Linux), fits all users, there is plenty of choice and the prices are generally very competitive. There is no longer any excuses left and I guess that the ICO shares my view in this given the £120 000 fine that they just issued to the police in Manchester. £120 000 that could have been used to enforce a strict “secure  USBs only” policy within all government staff in all of Manchester.

Media Coverage of the Manchester Incident

http://www.pcpro.co.uk/news/377593/lost-usb-stick-costs-police-120-000

http://www.bbc.co.uk/news/uk-england-manchester-19960966

http://www.theregister.co.uk/2012/10/16/manchester_police_fine_memory_stick/

http://www.computing.co.uk/ctg/news/2217369/police-force-fined-gbp120-000-for-data-breach

http://www.v3.co.uk/v3-uk/news/2217363/ico-hits-greater-manchester-police-with-gbp120-000-fine-for-usb-loss

http://www.thesun.co.uk/sol/homepage/news/4593208/Cops-stung-by-120k-fine-after-info-theft-when-door-opened-to-let-out-a-wasp.html

http://it.slashdot.org/story/12/10/17/0034246/uk-police-fined-for-using-unencrypted-memory-sticks

 

Leave a Reply