IRS data breach linked to USB drive

Apr 07th, 2014 / Category: Wide Area File Services

Secure file sharing solutions can eliminate the need for employees to store and transfer information on portable devices, such as USB drives. Why is this important? In addition to being easy to steal, these gadgets are open to a host of vulnerabilities, particularly if workers don't follow stringent security practices, including encrypting data both on the portable device and on the machine they transfer it to.

The Internal Revenue Service (IRS) may have learned this lesson the hard way. Although the incident occurred several years ago, the agency is just now making statements about its investigation into a data breach that exposed information on about 20,000 employees, Bloomberg reported.

"This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data - whether it involves our fellow employees or taxpayers," IRS Commissioner John Koskinen said in a message to employees, according to the news source. "This was not a problem with our network or systems, but rather an isolated incident."

Network protection must be upheld by secure file sharing practices 
As the news source reported, the breach occurred when an employee took home a thumb drive containing the Social Security numbers, names and addresses of workers and then plugged the drive into an unsecure network at home. This opened the possibility that the data could be accessible online.

Although this incident is much smaller in scope than the recent retail breaches, and the IRS reported that it is unaware of any identity theft activity as a result of the exposure, it points to the myriad ways that data can be put at risk, even if network security measures are in place. To dissuade workers from resorting to options like USB drives, which can be tedious to secure and made vulnerable by accessing the information on external devices, organizations should consider implementing solutions such as wide area file services (WAFS) and other secure file sharing programs. 

It's important for these options to be intuitive and convenient for employees so they can uphold security best practices without interrupting their workflow or suffering significant inconvenience. Research has shown that many data breaches are the result of human error or negligence - requiring workers to complete complex encryption steps or utilize programs that are less convenient than a consumer-grade program can increase the chance that they'll make a mistake or neglect the procedure altogether.

Not only are the consequences of data breaches often costly and long-lasting, this sort of incident can erode consumer trust in an organization, whether the breach involved employee data, company resources or customer information. 

For example, in response to the IRS incident, Ways and Means Committee Chairman Dave Camp (R-MI) expressed concern over the agency's ability to protect information effectively.

"In the past, the IRS has released personal taxpayer information to the public, and has not been able to effectively prevent and detect identity theft," he said.

With cyber-crime threats on the rise and digital resources growing everyday, failing to implement robust safeguards is not a chance that corporations can afford to take.