Data breaches in US increases by nearly 50% in 2008

- Steps required to minimize Data breaches, Identity thefts

Data breaches reported in the US increased dramatically in 2008 by 47 per cent to 656 cases, according to Identity Theft Resource Center (ITRC). The ITRC tracks five categories of data loss methods: data on the move, accidental exposure, insider theft, subcontractors, and hacking.

According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords.

Mal-attacks, hacking and insider theft, account for 29.6% of those breaches that reported the causal factor. Insider theft, now at 15.7%, has more than doubled between 2007 and 2008. On the other hand, data on the move and accidental exposure, both human error categories, showed noteworthy improvement, but still account for 35.2% of those breaches that indicate cause.

Electronic breaches (82.3%) continue to outnumber paper breaches (17.7%). While there were 35.7 million records potentially breaches according to the notification letters and information provided by breached entities, 41.9% went unreported or undisclosed making the total number of affected records an unreliable number to use for any accurate reporting.

The financial, banking and credit industries have remained the most proactive groups in terms of data protection.

Based on the breach reports from the past 3 years, the ITRC strongly advises all agencies and companies to:

1. Minimize personal with access to personal identifying information.

2. Require all mobile data storage devices that contain identifying information encrypt sensitive data.

3. Limit the number of people who may take information out of the workplace, and set into policy safe procedures for storage and transport.

4. When sending data or back-up records from one location to another, encrypt all data before it leaves the sender and create secure methods for storage of the information, whether electronic or paper.

5. Properly destroy all paper documents prior to disposal. If they are in a storage unit that is relinquished, ensure that all documents are removed.

6. Verify that your server and/or any PC with sensitive information is secure at all times. In addition to physical security, you must update anti-virus, spyware and malware software at least once a week and allow your software to update as necessary in between regular maintenance dates.

7. Train employees on safe information handling until it becomes second nature.








      Banking | Technology | Finance | Advertise | Terms of use | Disclaimer | Contact us
                         Banknet India | All rights reserved worldwide.