- 14th November 2017
- Posted by: jriddex
- Category: Certification, Cyber Security, Data Protection Act Compliance, EU General Data Protection Regulation, GDPR, Security Awareness, Training, Uncategorized
2017 hasn’t exactly been the best year for the 68bn start-up company Uber. The most recent blow to the transport giant’s reputation is the revelation of a covered-up data breach which happened in 2016.
Instead, Heathrow have been put under scrutiny after a member of public found a USB drive on the pavement containing highly confidential security information about the airport. The drive contained 2.5GB of unencrypted data containing specific security details including the Queen’s route to the airport, a timetable of security patrols, maps showing underground tunnel escape routes from Heathrow express and even the different ID’s needed to access restricted areas.
76 folders were found on the drive and some of them were marked “confidential” or “restricted”. These classifications aren’t in common use anymore so questions have been raised as to how old the data actually is. Nonetheless, information like this would be a goldmine if it fell into the wrong hands. The origins of the drive are still yet to be confirmed but some people believe the contents may have been copied and put on the dark web. Others have claimed that it could have been a security consultant for Heathrow not looking after his assets very well.
In a press statement Heathrow said
“We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future.”
“The UK and Heathrow have some of the most robust aviation security measures in the world, and we remain vigilant to evolving threats by updating our procedures on a daily basis.”
Unfortunately, this isn’t the first-time confidential government information has been misplaced or lost. In June 2008 a senior intelligence officer from the Cabinet Office was suspended after documents were left on the seat of commuter train from London Waterloo. A passenger later handed them to the BBC.
The seven-page file, classified as “UK Top Secret”, contained a report entitled “Al-Qaeda Vulnerabilities
It goes to show that despite living in a day and age of digital technology and data been stored online, physical security breaches are still happening. It also emphasises the importance of staff awareness around security protocols and the encryption of confidential data.
Do you need help with your organisations’ data security?
In recent data breach news it’s apparent that even major companies are over looking the security of their confidential and sensitive data. In the recent Equifax hack, an alarming amount of personal data was not encrypted at rest. This resulted in millions of names, addresses, phone numbers and social security numbers being leaked.
Here at CS Risk Management we offer a range of security services that can help you protect your data. We have help businesses in the UK, Europe and the US get to grips with their information security and cyber security challenges by finding ways to meet these risks head on using cost-effective, practical solutions.
Our consultants have many years experience in information security within SMEs, leading consultancies and blue chip companies. Our consultants are members of professional industry bodies including ISACA, (ISC)2, IISP & BCI and hold professional certifications such as CISA, CISSP, CISM, SCCP and CBCI.
Did you know? – Over 1.9 Billion data records were compromised in the first half of 2017. A 13% increase from the first half of 2016
(Gemalto breach level index 2017)
Talk to a consultant about how we can help you with your cyber security challenges