Data Leaks

The book I read to research this post was Data Leaks for Dummies by Guy Bunker et al which is an excellent book which I bought from kindle. The most common forms of data loss are 1 theft, 2 losing stuff 3 hacking. The most common forms of hacking are social engineering & via an employee. Something new in this book I didn't know is something called smishing this is when someone sends you a text message on your mobile phone saying you have subscribed to a text service & are being charged & you must get in touch to cancel it. When you get in touch you have to give your bank details to cancel this nonexistent service & they plunder your bank account. If you have VOIP they do vishing which is phoning you on VOIP & pretending to be your bank & getting all your bank details again to plunder your account. The beauty of this is often the calls are free or are extremely cheap. Something I was surprised is if someone wants to do phishing that's sending you an email that claims to be someone like your bank & sends you to a fraudulent site that gets your details & rips you off. Interestingly you can buy phishing software including online support for $1,000. I wonder if you can search google for that. Something a lot of companies that have sensitive data should consider is having their data on a central server & if the employee has to access it on a workstation or laptop keeping the data on the server so that ie if a laptop is stolen it limits the damage caused. Finally a lot of companies are concerned with employees storing sensitive data on things like USB sticks when there is potential for espionage. One idea is put a dab of glue in the USB ports & the other is ban camera phones from sensitive areas. It's easy to take a shot of the screen with one of these so make them hand it in at reception a lot of companies in china do this.