Actu
Cyber-Ark says Irish Gas Board data loss highlights need for digital vaulting of customer records
June 2009 by Cyber-Ark
The theft of a laptop containing the bank account details of around 75,000 customers of the Irish Gas Board highlights a serious security procedure failing, rather than an unfortunate incident, says Cyber- Ark, the digital vaulting specialist.
The fact that the data on the laptop - one of four stolen from the Bord Gais offices and adjacent buildings earlier this month - was not encrypted is a very serious issue says Mark Fulbrook, Cyber-Ark’s UK and Ireland Director.
"That’s bad enough, but best practices in IT security mean that the sensitive customer data shouldn’t have been stored on a laptop in the first place – it should have been digitally vaulted or at the very least encrypted locally and accessible only on a need-to-use basis," he said.
"And that need-to-use basis should only be available across the company’s network, using authenticated and logged access procedures," he said.
Whilst there is a case for allowing access to customer records remotely, the information should never include customer payment details, and certainly not their bank account information unless through a secure channel with full authentication, encryption and security measures in place such as digital vaulting, he explained.
"But to store customer bank account data unencrypted on a laptop goes against all known IT security procedures. It’s a very serious procedural error," he added.
