The Information Commissioner’s Office (ICO) have issued a £180k fine to money lending company The Money Shop after the loss of two unencrypted servers containing customer and employee data.
We no longer have the luxury of being surprised by a breach, a loss of data, or really any information security mistake: they have simply become commonplace.
Headlines featuring “millions of accounts compromised” or an “unencrypted laptop left on a train” seem to be a weekly occurrence.
In this case, it’s oddly refreshing to see a company actually being punished for not adequately protecting its staff and customer data.
“Shouting very loudly…”
Mark James, ESET IT security specialist, doesn’t seem very surprised by this story either, but is shocked by the lack of encryption.
“To be honest these days we almost expect our data to go missing from someone’s server on the internet due to some very complex or super sneaky piece of malware at some time or another.
“Not that it’s acceptable, of course; it’s just par for the course with data stored in the cloud, or at the very least on servers where we have no control over the level of security used.
“But when it happens on servers that are lost or stolen and had NO encryption protecting them we need to start shouting very loudly.”
Security should be a priority, as opposed to the afterthought it seems to be at the moment.
“If The Money Shop had been using DESlock…”
Mark goes on to explain that encryption can be easy and simple to implement, carries a reasonably small cost and should be on by default.
“Cyberwar is a constant battle between the intelligence of two sides: the IT guy using all his knowledge to protect the systems and the ‘hacker’ using all his skill to get around it.
“But protecting said data against loss or theft and the ability of the receiver to access that data is purely down to installing a fairly low-cost piece of software to encrypt that data, thus protecting it from prying eyes.
“Encryption often fails because it’s not implemented properly or is too complex to understand, but it need not be. Encryption should be easy to install, a breeze to manage and on by DEFAULT. If The Money Shop had been using DESlock then we would not be here writing this blog.”
Do you use encryption? At a company or at home?