|
Missing Government Data CDs: The Hype and the Reality |
|
|
|
|
Monday, 07 January 2008 |
LONDON, November 22 /PRNewswire/ -- With up to 25 million individual
personal records missing on two UK Government CDs in the "Datagate"
scandal, the following advice on maximizing personal data security is
offered today to companies and individuals by MXI Security, a provider of
portable security solutions for the most demanding customers.
Password-protect or encrypt?
Data files on the missing Government CDs were "password protected" - a
rudimentary security measure that professional data thieves can overcome
in minutes. Password protection means that a file - such as a document, a
spreadsheet or a database - cannot be opened using the appropriate office
program until a password is provided. However, using software freely
available on the internet, even first-time hackers can crack passwords in
minutes. Also, most data within password-protected files is stored without
a protective layer of security.
Encryption offers exponentially more security - with entry-level
encryption software available free to individuals. Encryption scrambles
all the data in a file, so even if a cyber criminal is able to view the
contents of the file, this will be gibberish until the appropriate
decryption algorithm has been provided. AES 256-bit encryption, today's
industry standard, offers astronomical number of different combinations,
therefore providing effective safeguards against the "brute force" attack
method: trying every possible combination in sequence until the right
decryption key is found.
Restrict access to encrypted data through biometric authentication
Individuals and companies alike can use biometric authentication to
further protect their data, advises MXI Security. Locking down access to
data using biometrics - such as a fingerprint - means that a cyber
criminal cannot even get their hands on encrypted data files on a lost or
stolen storage device. Access control with strong authentication therefore
adds another layer of security on top of encryption.
The use of biometrics to verify identity is no longer science fiction. The
US and Canadian Governments have already set secure design and
implementation criteria for a hardware cryptographic module, and MXI
Security's Stealth MXP and Outbacker MXP secure storage devices have
achieved this high level of certification. Both devices have Federal
Information Processing Standards (FIPS) 140-2 Level-2 validation with
certificate No.748 for the Stealth MXP and 777 for the Stealth MXP
Passport products from the US National Institute of Standards and
Technology (NIST) and the Canadian Communication Security Establishment
(CSE.)
Be prepared for the worst
Should you lose a device carrying all your personal data, then what next?
Do you have a copy of your valuable personal files, such as a record of
your mobile phone PIN and PUK codes, and the customer service departments
at your credit card, bank and mobile phone provider - so that you can
alert providers, cancel credit cards and order new PIN numbers for
accounts that may be compromised.
If you're going to carry personal data, make sure it is secure
MXI Security provides a range of portable security solutions for
professionals for whom security and privacy are critical. These products,
offering storage capacities of 512 MB up to 100GB, provide portable
encryption and authentication controls to ensure the secure transportation
of even the most sensitive data. If a device is lost or stolen, the
encrypted data it carries remains safe and secure. MXI Security products
are available in the UK through Sphinx, one of the UK's leading
independent IT distributors (http://www.sphinx.co.uk).
About MXI Security
MXI Security is the leader in providing superior managed portable security
solutions designed to meet the highest security and privacy standards of
even the most demanding customers. For more information please visit
http://www.mxisecurity.com |
News Stories