Cyber-Ark says Irish Gas Board data loss highlights need for digital vaulting of customer records
The fact that the data on the laptop - one of four stolen from the Bord Gais offices and adjacent buildings earlier this month - was not encrypted is a very serious issue, says Mark Fulbrook, Cyber-Ark's UK and Ireland Director.
"That's bad enough, but best practices in IT security mean that the sensitive customer data shouldn't have been stored on a laptop in the first place - it should have been digitally vaulted or at the very least encrypted locally and accessible only on a need-to-use basis," he said.
"And that need-to-use basis should only be available across the company's network, using authenticated and logged access procedures," he said.
Whilst there is a case for allowing access to customer records remotely, the information should never include customer payment details, and certainly not their bank account information unless through a secure channel with full authentication, encryption and security measures in place such as digital vaulting, he explained.
"But to store customer bank account data unencrypted on a laptop goes against all known IT security procedures. It's a very serious procedural error," he added.
For more on the Bord Gais laptop customer record fiasco: http://preview.tinyurl.com/lcxzup
For more on Cyber-Ark: http://www.cyber-ark.com