Enterprises Aren't Shivering in Their Breaches

4:17 PM -- Attrition.org and the Identity Theft Resource Center (ITRC) have declared 2007 was the Year of the Data Breach, according to the Associated Press. The groups reported a sharp rise in breaches during the year, from nearly 20 million in 2006 to 79 million in 2007.

Was there really an increase in data breaches in 2007? Most likely, but I don’t think the jump is as high as the reports would lead us to believe. The real difference is that companies are now being forced to disclose breaches, thanks to new laws governing breaches of personal information. There might have been more breaches in years 2000 through 2006, but they simply weren’t reported. If companies don’t have to report them, they usually don’t. Why look bad when you don’t have to?

The biggest eye opener is that both groups saw a large rise in breaches due to employees mishandling data through lost and stolen laptops. When are companies going to realize that letting data walk out of the building on laptops is not safe unless proper precautions have been taken to protect the data on the laptop?

Take the time to educate your users about how to handle sensitive information securely. Have them sign documentation showing that they’ve received relevant training. If they don’t understand that there are consequences to their actions -- for themselves and their companies -- they are less likely to care.

Here at the university, I sometimes hear students complain about being just a statistic. I wonder how those companies suffering data breaches feel.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading