Considering how much negative attention data breaches attract, and the damaging consequences of these events, it would seem logical that all organizations, and particularly those that handle sensitive information regularly, would now be using high-grade, reliable, secure file transfer strategies. Sadly, this is not the case, as a recent incident in Colorado revealed.
Data loss on the road
IdRadar reported that the breach occurred when a state worker lost a USB or thumb drive while traveling between work locations. This drive contained personal data, including the Social Security numbers, home addresses and names of nearly 19,000 Colorado state workers.
In a statement, the Governor's Office of Information Technology (OIT) acknowledged the breach but asserted that there is thus far no evidence to suggest that this information has been stolen or misused in any capacity. As a precaution, the state is in the process of contacting all of the potentially affected individuals and directing them to the Colorado Attorney General's Office, where they can obtain information about thwarting identity theft and fraud.
The news source noted that approximately 8,000 of the individuals who may be affected by this breach are current employees. The rest are former personnel, and therefore may be more difficult to contact.
According to an OIT spokesperson, while the state has a firm policy demanding that information stored on external drives remain encrypted at all times, this protocol was not followed by the employee who caused the data breach, the news source reported.
"The Office of Information Security is continuing all necessary efforts to recover the file," said Jonathan Trull, Colorado's chief information security officer, according to idRadar. "We are also reviewing and revising procedures and practices to minimize the risk of recurrence."
This raises the question of how, exactly, Colorado's state government and other organizations can and should go about improving their data security strategies and minimizing the risk that sensitive information will be lost, stolen or exposed.
Obviously, this is can be a tricky issue, one which many groups have failed to successfully grapple with. However, in the vast majority of cases, organizations can adequately protect their data assets by investing in a number of relevant tools. Among the most essential of these are secure file transfer solutions.
Secure file transfer tools enable workers and other authorized personnel to send data to each other without increasing the danger that this information will be stolen or exposed while in transit. This is key, as data in motion is typically more vulnerable than data at rest.
By offering employees the means of easily sending and receiving job-related data digitally, an organization's leaders can minimize the need for workers to rely on thumb drives and other physical means of information exchange. Without the need to use such devices, incidents like the one which recently occurred in Colorado are no longer threats to the organization's data integrity.