Australian IT - Bungle exposes bank files (Natalie O'Brien and Michael McKinnon, JUNE 26, 2006)
Another story in a long line of articles about sensitive data being lost by organisations who should know better. This time it's the turn of the Australian High-Tec crime unit.
One thing I've noticed about these stories is that the organisations involved almost always blame the employee involved for "breaking the rules"
I think this is pretty disingenous(sp?) really. The organisation needs to provide methods/procedures/tools for it's staff to move data around in a secure fashion in the manners in which they need to before they can blame individual staff members for data losses and I don't think that it's likely that most companies will do that.
So that means if you need people to take data with them from one country to another, you have to provide file encryption software (or better still device encryption software). If data keys are the best way of doing this (and they usually are) then companies should be providing encrypted data keys to staff.
Otherwise what happens is that people break rules because they have no way of getting their job done whilst staying within them.
Now I may be off base and maybe all these companies have easy-to-use pervasive support for data encryption and the indiviudals involved were all just willfully negligent people who were willing to risk their jobs by deliberately avoiding all the controls their organisations had put in place.......
