How secure is your data?

18-11-2006

I needed a bank account that had a good reputation for being both secure and was recommended for internet use. I’ve been planning on using eBay for some time now but the paranoid security nut in me is unwilling to use just any bank account. So I signed up for an internet account after doing a little research. To cut a long story short after completing umpteen forms and presenting proof of ID I received the details of my new account.

Then I hear on the BBC news that a laptop was stolen from this particular bank and it is very likely that customer data has been compromised. The laptop in question was stolen in a domestic burglary. WTF? How come there was customer data on an employees laptop?

As a systems test professional for a good number of years at various blue chip companies, I was surprised when I read that an employees laptop could contain such sensitive data. When you join such a company you have to sign numerous forms saying that if you are exposed to customer data of any kind you can not disclose it to anyone other than another authorised user and you cannot remove it from the premises. This means you cannot burn it to a storage medium like a CDR or copy it to an external device such as a USB drive.

Most of my exposure to customer data has been very limited. I tend to work on test systems which are still in development or are a replica of a live system used to replicate live issues and as a test bed to develop fixes and test upgrades. For testing purposes we use mangled copies of live data. This is data that has gone through a process that takes the real customer data and changes the names and addresses, enters dummy contact numbers and credit card details using random number sequences. The data has been sanitized to such a degree that it cannot be used to defraud any real customers but it can still be used as valid test data.

Security is very tight as there is often several external resources working on a project for short contracts. If any customer data were to get outside the company then the subsequent media coverage could damage the reputation and share price of a company. That’s why I cannot understand how a companies customer data was allowed to leave the premises on an employees laptop.

Luckily for me the news article stated that the laptop was stolen 3 months ago and I only recently signed up, so my account should be safe. Unless its on another employee laptop somewhere out there.