So another security attack, this time with a virus locking down computer files until a ransom is paid. It seems to me that the more digital we get, the more vulnerable we become! At the Medical centre in question, the nurses have resorted to paper and flip charts to keep their service operational.

Read about the ‘ransomware’ attack on a hospital that left records inaccessible until a bounty is paid here

It takes me back to my early days of selling in the IT industry when my database was quite literally a thick stack of folded computer printout paper with a customer name, telephone number and contact name… “Go fish!”

These attacks are becoming so frequent and disruptive that there has to come a point when going back to the old days of index cards and paper filing becomes a consideration. It’s hard to imagine, but where do we cross the risk/reward line?

In our IT Disposal industry, there are some major organisations that have a destruction-only policy where every single hard drive must be shredded and cannot be re-used. Whilst there would appear to be some logic to this, upon closer inspection I am not convinced this is a more secure process; in fact I would argue it has the potential to become a far higher risk. Let me explain…

At a recent visit to one of our well-established corporate clients I witnessed some hard drive destruction taking place and was quite shocked by the lack of process, security and audit demonstrated by the client. Yes, each hard drive was scanned through the process and yes, each hard drive was destroyed on site. But where was the audit from the client of what assets had been handed across? Boxes of hard drives were open and unsecured. Tier 1 personnel were left alone, totally contrary to our agreed SLA, to carry out the process unsupervised. Is this what their IT Director signed up to when the onsite destruction policy was implemented? Was a policy and procedure document written, other than the Tier 1 process that was obviously disregarded? Has an audit been conducted against this process?

The point is that in order to “be” secure you have to “think” secure in everything you do around your data. Sometimes just walking through a process helps you see the blind spots and ensures your data decision making is logical and practical.

Just because something makes sense on a flip-chart doesn’t mean it makes sense in the real world; just ask the Hollywood Presbyterian Medical Board!

Jonathan Rose.
