Unencrypted data at rest is data at peril.

Since Bank of America disclosed in 2005 that it lost a backup tape with customers' personal data, nearly 30 other companies have reported similar embarrassing mishaps. The list of organizations losing tapes with sensitive personal information includes many high-profile names: Ameritrade, Time Warner, CitiFinancial, ABN Amro Mortgage Group, People's Bank, Con Edison, the U.S. Department of Veterans Affairs and Chase Card Services. The breaches affected millions of people, resulted in millions of dollars in direct costs, and even more in indirect costs.

Direct costs include notifying customers of the breach, estimated at $5 to $10 per person, and the expenses associated with controlling damage to the brand, such as advertising in national newspapers. Indirect costs stem from damage to the brand. A loss of trust can easily cause some customers to depart, or potential customers to choose another company to do business with; either wa...

The key to your organization avoiding this fate is encryption, as all unencrypted backup tapes are readable by determined cybercriminals, no matter what your vendor tells you. Some vendors claim that their backup format is proprietary and can't be read without their database and software--don't believe them. Backup formats are irrelevant to laws such as California's SB 1386; if you lose control of unencrypted personal information, you must notify the affected customers. If you can't notify them in a reasonable timeframe, you must contact the media. Several states have similar breach notification laws. As of the end of last year, these laws only apply to unencrypted data. You are not required to notify anyone if the data was encrypted.

It's a clear business case for encrypting tapes that are going to leave a company's physical location. It could save your organization millions of dollars if a tape is lost, and will ensure that any damage to your brand is minimal.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   NEXT PAGE  >