A hard drive containing sensitive information on one of Europe`s largest financial services groups has been purchased on an Internet auction site for a fiver.
The hard drive was bought as part of research into what happens to lost or stolen laptops. It contained information including pension plans, dates of birth and home addresses of customers. The research was conducted by security firm Pointsec Mobile Technologies.
Losing a mobile device is easily done, easily read
The hard drive in question was purchased on eBay. As well as customer information, it contained personnel details such as payroll records and login codes for the secure intranet site.
Keeping information secure
* Security needs to be put on all mobile devices by IT departments
* Access control and encryption should be mandatory
* Set up a mobile use policy
* Use hard-disk encryption
If exposed, it could have had serious consequences in terms of customer confidence as well as affecting the share price and legal position of the company.
In total, Pointsec purchased 100 hard drives and laptops on Internet auction sites to find out how easy it would be for criminals and opportunists to get their hands on valuable company information.
Seven out of 10 hard drives could be read easily despite being supposedly wiped clean.
PowerPoint presentations
Pointsec also investigated the lifecycle of a lost laptop. It found that PCs lost at airports or handed into the police were routinely resold with all the information still on them if they were not reclaimed within three months. At one of the auctions used by the lost property department at Gatwick Airport, researchers were able to access information on one in three laptops using simple password recovery software.
Hard disk drive password can deter the opportunist
On one machine, researchers found 15 Microsoft PowerPoint presentations containing sensitive information on a well-known food manufacturer. They also accessed customer and company information and private photographs.
"Our research has found just how easy it is to purchase second-hand or lost laptops at public auctions as well as hard drives over the Internet and easily access the information on them," said Peter Larsson, chief executive of Pointsec.
"There are dozens of Web sites which offer password cracking software or recoverable software which criminals, hackers and opportunists use when they want to break into laptops or Web sites," he added.
Pointsec has been contacted by companies which have been targeted by criminals threatening to go public with information gleaned from stolen or lost laptops. "Security measures are vital to ensure that security is not compromised. Something as simple as a hard disk drive password can deter the opportunist," said Tony Neate, Technical Industry Liaison at the UK National Hi-Tech Crime Unit.
Share
Condyn is a SA-based private company that has numerous distribution contracts for best breed of security product suppliers around the globe. Condyn has the sole distribution for the Africa market in all these products. Condyn is the number one distributor for security solutions for Africa. Our focus is to take all aspects of security requirements into consideration when selecting our products for distribution to ensure a total solution for our end-users. Visit www.condyn.net for more information.
Editorial contacts