Case spotlights database security

A battle between two recruitment agencies which reached the High Court has underlined the need for businesses to review the way they secure their confidential business data, lawyers have said.

Social Workline reached a settle¬ment last week with Action First over allegations that an individual who transferred between the firms supplied records from Social Work¬line’s client database to his new company. London law firm Mishcon De Reya said the case highlighted the growing importance of ensuring database security.

“It is rife,” said solicitor Hugo Plowman. “Data is being stolen electronically in most instances, either by people e-mailing data to their Hotmail accounts or to a friend. Or they will use USB sticks or iPods to steal data.”

The affected recruitment firm brought in forensic IT investigators when it discovered the apparent theft.

It has since stepped up security by configuring its Lotus Notes system to record and monitor all e-mails sent by staff. It has also disabled the USB drives on desktop machines.

Mishcon De Reya advised organisations to segregate data, so that staff only have access to the information they need. It said limiting the size of e-mails that can be sent out of a company and restricting the ability to print out large files after office hours were also steps that should be considered.

On the question of monitoring staff e-mails, Charles Boyle, barrister and commercial adviser at the Recruitment & Employment Confederation, said companies had a right to monitor the behaviour of employees to protect their data.

HOW TO PROTECT YOUR DATA

• Ban iPods from the office
• Make sure databases cannot be exported to e-mail
• Control which employees have access to databases
• Carry out vetting checks on staff
• Include invisible traces in your data.

Source: Carratu International

Read article: Secure web use without walls >>

Read article: Network security special report >>

Comment on this article: computer.weekly@rbi.co.uk