Encryption Blog

The Multimillion Dollar CD

Created: 19 Aug 2009 • Updated: 05 Nov 2012

Shilpi Dey - Product Marketing Manager

Recently, three HSBC firms were fined several millions of dollars for "failing to adequately protect customers' confidential details from being lost or stolen". Sensitive customer data on the order of 180,000 records was sent to third parties on CDs and simply got lost in the mail. While no customer reported a loss from the failure, the Financial Services Authority (FSA) did not take kindly to what it termed the firms being "careless" and fined them to the tune of $5.3M. As the HSBC firms tally their multi-million dollar fines during what’s described as one of the worst economic climates in the world's history, the old adage comes to mind: penny-wise and pound-foolish.

For the record, I'm not trying to pick on HSBC here; these kinds of breaches have now been reported by nearly all financial services companies that operate in jurisdictions that require disclosure. In fact, HSBC has done more than many firms to protect their customers' confidential information. The lesson for organizations here is that sensitive corporate data is everywhere: it’s on the CDs sent monthly to the audit firm, and it's also that product roadmap along with the family pictures on that USB stick left at the grandparents' over the weekend. It never ceases to amaze me how, in this day and age, with the average cost of a data breach at $202 per record compromised, organizations fail to realize that there are no two ways about it: the only sure-fire way to protect data is to encrypt it.

The good news is that the glass is indeed half-full. Organizations looking at the HSBC data breach can take this opportunity to make someone else’s pain their gain by revisiting their own data risk management strategy, if one exists (if not, well, ahem, you know the rest).

Portable encryption solutions that address usability as well as peace of mind (not to mention keeping the auditors and fines at bay) should be the logical step for organizations wishing to protect their removable storage devices, no matter where and how those devices are used. Encrypt every removable storage device or optical media, and don’t sweat it the next time the postal courier marks that shipment of corporate training CDs as lost, or if grandma can’t find that shiny USB stick with the family pictures (and your product roadmap).