Hard drive file leads to data breach

The time before a data breach is the most important period in an organization’s data security practice.  The variety of ways in which employees can accidentally compromise everything speaks to the value of ensuring the data on a network is worthless to intruders, even after a breach.

Incidents like the breach of the Rhode Island Public Transit Authority last August demonstrate how easily things can go awry.  An employee downloaded a file to their hard drive and failed to delete it, which led to hackers stealing the sensitive data it contained.  Compounding the issue, the data set had no relevance to the transit agency: it contained data on state employees, so its presence there was a mystery.  Why was data that was seemingly immaterial to the agency’s own operations present on its system, just waiting to be exploited?  Unions representing these employees were quick to demand answers.  The agency has reportedly explained that a former health insurance provider had erroneously shared the file with them.

Over 17,000 potentially affected people received notifications of the breach, which did include Social Security numbers.  State senators from Rhode Island have, unsurprisingly, weighed in on the issue, demanding more information in order to prevent recurrence in the future.

This incident comes to light as businesses find themselves amid a new wave of remote working, just when it had started to seem like people were going back to the office.  Once again, employees will be in their own homes, on their devices, accessing their organization’s network and potentially sensitive data.  Like the employee in this story, anyone can mistakenly leave privileged data on their hard drive, creating risk for a completely different organization that would bear the brunt of a security incident.  Any third-party entity could end up becoming an attack vector for another organization (or numerous organizations), dragging everyone down with them.

To strengthen protective measures against a breach, for when an employee does leave critical data exposed, encrypting the data is crucial.  Even if accessed, encrypted data will be useless to intruders.  NetLib Security’s Encryptionizer offers encryption of stored data to ensure that even when an intrusion occurs, everything inside is still under lock and key.


By: Jonathan Weicher, posted on January 13, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security