This month our Information and IT Security Officer, Graeme Wolfe, recounts a true story of lost data and the potential impact of not following policy and guidance.
Too Late! – A cautionary tale.
In a meeting room with my manager, an HR rep and my Union rep, for a disciplinary and misconduct hearing – Too Late!
Being asked by my manager if I had taken sensitive personal data out of the building on an unencrypted memory stick – Too Late!
Arriving home to find the memory stick I copied my data to is missing and not contacting my manager immediately to inform them of the data loss – Too Late!
Leaving the building with data on an unencrypted memory stick, which is accidentally lost on my journey home – Too Late!
In a rush to get home, working flexibly the next day, bag is nearly full and heavy, don’t want to take my laptop home, so copy the documents I need to a personal memory stick (unencrypted) I have to hand – Too Late!
Knowing I am working flexibly the following day, so making room for my laptop in my bag, or contacting the IT Helpdesk to obtain an encrypted memory stick, to take sensitive data away from the University – Not Too Late!
This story could have had other steps and endings included, with more dramatic effects on staff and the wider University.
For example – National newspaper publishes a story “Personal and medical data found on a memory stick lying in the street! Can you trust The University of Westminster with YOUR data?” or maybe in specialist Higher Education and Research media “University of Westminster loses Drug Company / NHS data. Can you trust them to keep your sensitive (and expensive) data and research secure?”
Staff are reminded that there is a new IT Security and Use Policy which you should read and understand. This emphasises the need to keep data secure, in many formats (paper, electronic) and locations (office and travelling). It is important that you implement the policy, not only for the security of the University’s data, but also for your own personal protection.
For further information on the ways to secure your data and use ‘removable media’ (like memory sticks) please see this link for information on how to use them safely and securely, or contact firstname.lastname@example.org
Information and IT Security Officer
(With thanks to the FCO for the original concept of Too Late!)