AOH :: ISNQ4692.HTM

Local councils don't encrypt




Local councils don't encrypt
Local councils don't encrypt



http://www.techworld.com/security/news/index.cfm?newsID=10328 

By Tash Shifrin
Computerworld UK
12 October 2007

Just one in 10 local authorities in the UK encrypts all its sensitive 
data, according to new research.

The survey of IT and security managers at 60 local councils and police 
authorities found that 45 percent of respondents encrypt data on "some 
computers carrying sensitive material", but only 10 percent encrypt data 
on all machines.

More than four in 10 respondents - 43 percent - said that no data was 
encrypted by their organisation.

But 38 percent of respondents said their organisation had been faced 
with an incident in which a laptop was lost or stolen during the past 
year - including one of the six police authorities in the survey, which 
was carried out by security vendor BeCrypt.

Three in 10 of those surveyed also reported that they had no procedures 
regarding use of USB devices - a common cause of security problems. Just 
2 percent of organisations had imposed a total ban on USB devices, while 
38 percent allowed limited use and implemented port control security.

The survey also highlighted a lack of disaster recovery planning. Only 8 
percent of those surveyed said they had a full disaster recovery plan 
with facilities for secure mobile working and an alternative site in 
case of a major problem such as a flu pandemic or public transport 
collapse that prevented staff getting to the office.

More than four in 10 respondents said they had "few plans" but that data 
was backed up, while 20 percent said staff would have to work from home 
using their laptops and 23 percent said an alternative site "would be 
set up".

Richard Brooks, BeCrypt's director of sales, said: "The use of laptops, 
USB devices and other removable media are posing an increasing risk to 
data security. The survey highlights that 30 percent of councils have no 
policy regarding the use of USB devices and the inadvertent or malicious 
threat of data leakage."


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com 

Site design & layout copyright © 1986-2014 CodeGods