Data Breaches
Here's a great blog posting on data breaches. The blogger quotes a study that shows that data breach reporting is up almost 70 percent. That can mean one of two things: there are more breaches, or that businesses are doing a better job of reporting them. He writes:
Hacking was the least-cited cause of data breaches in the first six months of 2008 (11.7 percent of the total). Instead, lost or stolen laptops and other digital storage media remain the most frequently cited cause of data breaches, accounting for more than 20 percent of all reported cases, the ITRC found. The inadvertent posting of personal and financial data online prompted roughly 15 percent of the data breach disclosures.
While the share of breaches due to data on the move fell nearly eight percent from last year, that slack was picked up by insider theft. Data breaches due to information stolen by someone inside the company increased from just six percent of the total in 2007 to nearly 16 percent so far this year. Another 13.5 percent of breaches came from subcontractors who lost or stole their clients' customer data.
Hmmm. Internal theft seems to be on the rise. Why should compliance officers care? NCUA's security regulation requires credit unions to implement appropriate safeguards to mitigate threats to sensitive member information. What does your credit union do to minimize the chance of employee theft of data?