ECDL Foundation Blog
Keeping Personal Data Safe – it’s as Much About the User’s Behaviour as it is About Where the Data is Stored
In relation to the security of data, much attention focuses on whether the cloud is ‘fit for purpose’, or whether an individual’s data is safer if stored on a local server, or even on local drives. Critics of the cloud raise concerns about the integrity of huge, remotely located servers: once the firewall is breached, an enormous breadth of an individual’s or organisation’s data is potentially subject to exploitation. It is almost impossible to assess the validity of this criticism, but the focus does draw attention away from another, potentially more influential, security consideration – that of the actions of the user.
We now use technology to perform an increasingly varied range of tasks, and we are storing an ever-growing amount of data electronically. Not all of this data is of a sensitive or private nature, but in the interest of preventing, for example, identity theft, it is very important that we keep this range of data secure. What is often overlooked is how we, as individual users, go about this. Two specific actions – or perhaps more accurately, inactions – are worth highlighting: carelessness in keeping our hardware safe, and topically, the high-risk behaviour of using the same email address and password combinations across multiple sites.
In relation to the first, often individuals do not pay enough attention to the whereabouts of devices, such as USB flash drives, or even laptops. There have been a variety of well-publicised incidents of national tax or health workers misplacing unencrypted hardware in public places. Apart from the obvious embarrassment for the organisations involved, the issue of vast amounts of very sensitive data being potentially subject to exploitation is of real concern.
The issue of password security was highlighted recently when the server of a high-profile technology company was hacked, exposing nearly 6.5 million clients’ passwords. The organisation has been widely criticised for not possessing sufficiently secure server encryption software, but some responsibility must also be assumed by the clients themselves. IT security is, to a large extent, predicated on the behaviour of the individual: if someone uses their personal email address and ‘12345’ password across multiple sites, it is similar to going away for a three-month holiday and leaving both the front and back doors unlocked.


