The latest in our continuing series on real life information security incidents shows that even the police need information security. The Manchester Police Department recently experienced an information security incident and the negative publicity that results from such an event. The source of the incident was an unencrypted USB drive that was lost and was found to be holding sensitive records including information about officers and emergency response information including such gems as information about crowd control plans. Losing this information potentially puts the officers at undue risk and also gives groups seeking greater knowledge about internal workings of the police department a leg up in better understanding how the department works. This incident is especially troubling since the article mentions that this department also had an issue with worm problems awhile back, so it is clear a new security mindset is needed to keep data secure.
Information Security lessons learned
- Do not store sensitive information on USB drives
- If you find recommendation #1 draconian be sure to utilize an encrypted USB device such as the IronKey device available at places like Amazon.com
- Educate your users regarding information security to help make sure your security policies are not violated
PS: I realize the picture is not the Manchester Police department but same country and it was just too tempting to pass up!