After a string of data breach incidents in California's Monterey County and San Mateo County put the information of thousands of Californians at risk, some companies are taking a closer look at their own organizations and how they handle data security.

California Data Compromised
After a Monterey County Department of Social Services (MCDSS) computer was jeopardized by unauthorized users overseas in March 2013, the MCDSS launched an investigation to determine if sensitive, personal information was compromised, the .

"An investigation into the incident was conducted to determine if any sensitive information on the computer was exposed," MCDSS director Elliott Robinson wrote in . "That investigation concluded that the unauthorized users were able to break through the password protection on the computer between 3/17/2013 and 3/18/2013. While we have been unable to determine that the data on the computer was retrieved or transferred by the unauthorized users, there is a possibility that the … information was accessed."

Robinson reiterated that the hacked computer hadn't been used since 2009, but was still connected to the state network. He theorized that a power surge could have booted up the computer, the Monterey Herald reported. That allowed hackers to use the machine as a portal to the names, birth dates, addresses and Social Security numbers of up to 144,493 people who were in the MediCal, CalWorks, CalFresh and Foster Care payment system.

In an unrelated event, the Legal Aid Society of San Mateo County sustained a data breach of personal data stored on 10 of its laptops on Aug. 12, . Just as with Monterey County, the data on the lawyers' computers included the Social Security numbers, names and dates of birth of various patients who were working with the Legal Aid Society.

As a result, the Legal Aid Society of San Mateo County sent a letter to the California Attorney General's office, among others that had their data compromised, explaining the incident to users whose personal and medical information may have been compromised. However, unlike Monterey County, the data was not compromised by an overseas entity; rather, it was stolen along with the laptops that were burglarized from the society office.

In both incidents, however, there is a very real human element involved in the data breach, whether it is hackers, identity thieves or even company insiders.

Solving the Insider Issue
While distant, high-profile data breach stories populate the headlines, new data suggests that, contrary to popular belief, the biggest threats to security and data breach protection are internal. According to the , Understand the State of Data Security and Privacy, cited by , 36 percent of data breaches in the last month were caused by human error that typically did not exhibit malicious behavior.

In the same report, less than 42 percent of employees in North America and European small- and mid-sized businesses surveyed said they had received training on how to handle data, so it isn't surprising that so much data is being mishandled. Little more than half of those employees were aware of their company's security policies.

"Companies have spent fortunes defeating network attacks, firewall breaches, viruses – but left their data center exposed to the biggest security problem that exists – people," said Barry Shteiman, director of security strategy at Imperva, speaking at ITPro and cited by the source. "The insider data breaches problem is so big because it does not necessarily mean hackers. Any employee in an organization may be a malicious insider, and even worse, any employee can be a compromised insider – it doesn't matter if it's the receptionist or the CEO – as long as they have access to the company's data."

Answering the questions and rising to the challenges of data breach protection will undoubtedly become more complex for companies as technology opens up new ways to access information. As a result, some think data security needs to be approached holistically to be the most effective.
