An article relating to this blog post on Finextra:
Morgan Stanley warns customers of data breach
Morgan Stanley has written to 34,000 customers warning them that their personal financial details may have been stolen while in transit to the New York State Department of Taxation and Finance.
The recent spate of high profile data losses aptly demonstrates the many ways in which data can go astray and reinforces the need to have every potential leakage point protected. Whether it is Wikileak-style insider activity, cyber-attacks from external
hackers or careless unintentional loss of discs containing sensitive information, organisations need to have robust security policies in place along with measures to ensure that those policies are actively managed and enforced.
The threats are many and diverse, so organisations need to constantly review their policies, defences and controls, and to perform regular risk assessments to identify where there is potential for data loss and where additional protection needs to be put in
The recent Morgan Stanley case specifically highlights the need for a policy governing the transfer of information, including monitoring and controlling the transit of sensitive data. Best practice dictates that this should include a policy and process to limit
which staff are authorised to handle and copy sensitive data onto removable storage devices, and the deployment of technology to monitor such copying to ensure that data is encrypted to the required standards.
The Morgan Stanley scenario also underlines the importance of user education and getting staff to treat company data with the same respect that they have for their own personal data. Empowering staff with information goes hand in hand with an understanding
that they have an important part to play in protecting the organisation and its clients from the threat of data loss.