News stories of data theft are becoming increasingly and disturbingly commonplace.
Most of the data theft is deliberate and is usually done by employees when they are leaving their company.Protecting one's self from ones' own employees is a major challenge as employees are able to use a large range of sophisticated devices which can be simply plugged into office equipment to do the job.An insignificant looking device such as a pen drive has the potential to cause large losses to an enterprise.Surprisingly most of these employees have no guilt about stealing data.Many of them in fact feel that they had a right to use the data since they had helped the company collect it in the first place.Some of the most serious data theft occurs when hackers breach the security systems of a computer and gain unauthorized access to records.Then data theft is often accidental.Laptops are frequently stolen by robbers, usually from parked cars.Often these laptops belong to senior executives of important companies and contain vital information.
The data usually stolen is in the nature of databases of names and addresses of persons and their contact details.These can then be used by rivals to steal business from a competitor.Sometimes the data that gets stolen also includes credit card details,information about bank accounts,social security numbers etc. of an individual.This is more serious as it can lead to identity theft and also the the theft of a persons money.Finally even trade secrets can be targeted.The most celebrated case is the one in March 2005 when Lexar was awarded almost $400 million when it was proved that its trade secrets were stolen and used by no less a company than Toshiba!
Data theft is occurring more frequently now because there is a ready market for such information on the one hand and because companies have paid insufficient attention to data security on the other.The most dangerous trend that has emerged is that what was earlier being done just for kicks is now being done for money and organized crime seems to have entered the scene.
One of the reasons why companies have been slow to react is that there are no laws which make companies which collect such data, accountable for its security.Although customers who are victims of bank or credit card fraud usually don't lose money the company which collected the data is not held responsible for its security.We must understand that the return of his money to a victim is not sufficient in itself.The damage that may have been caused, say to his credit history may take years to repair.
So how do companies protect themselves?The basic procedures that need to be adopted by companies to protect themselves are multi layered identification procedures for customers and more importantly encryption of stored data.
But all these things take up both time and money,which means lower profits.Therefore it is time the state/federal regulators stepped in and made sensible laws for the protection of the people