You won’t believe the details of this embarrassing privacy breach.
Data loss has happened in hundreds of shocking, frustrating, and embarrassing ways. But a recent occurrence in Japan may take the cake for the most mortifying loss of personal information ever—and provide a clear lesson for any business, organization, or government body responsible for such data.
A technician in Amagasaki, an industrial city about 500 kilometers southwest of Tokyo, had been hired by the local government to transfer the private data of 460,000 citizens to a call center database. Names, birthdays, phone numbers, home addresses, and bank account details were included—all of Amagasaki’s residents would be contacted about a subsidy they’d receive to help with soaring pandemic-related costs.
The technician finished the job, using a USB stick to transfer the information. But he ran out of time before the end of his shift and didn’t erase the private details from the flash drive—a tiny portable device that can hold gigabytes of data and be plugged into any computer—or the backup device that contained a copy of the information.
He put the two USB sticks into his bag, figuring he could wipe them clean the next morning, and joined three colleagues at a local bar, where he spent three hours drinking sake. Walking home, he passed out on the sidewalk, waking up at 3:00 AM disoriented and confused—and minus his bag, which contained the two USB sticks. He spent the next day looking for it before reporting the theft to the local koban, or neighborhood police station, one of 6,000 in Japan famous for operating exhaustive lost-and-found networks. Sadly, their search party had no success finding the bag.
One day later, the embarrassed mayor of Amagasaki announced the loss of the entire city’s private information, leading to an onslaught of 30,000 angry phone calls from citizens upset about the privacy breach. Another day later, the bag was found with the USB sticks still inside—but in a different part of another city that the data technician didn’t remember visiting. Further uproar ensued: was the data from the USB sticks compromised before being rediscovered? Would cybercriminals be able to steal local residents’ subsidies? Would the technician and his employer, a technology company called Biprogy, be held responsible for the temporary data loss? Would such flagrant disregard for private information be punished in any way, shape, or form?
Such complicated questions don’t have easy answers. Biprogy said they wouldn’t use USB drives for such jobs in the future—and that more than one employee would be entrusted to oversee the process.
But there are more proactive steps you can take to protect your information, your identity, and your business, especially if it retains any client data or private details. At CMIT Solutions, the following strategies make up the foundation of our remote, redundant, and regular data backup solution.
1. End-to-end encryption is critical, while data is at rest and in transit. Comprehensive data protection means legitimate layers of security constructed around it—and no, the user-friendly USB drives mentioned above don’t count. Depending on the industry in which your business operates or the geographic location where your company is based, data encryption regulations could be stricter than you think. Minimum safeguards should follow the standards set out by government and military agencies around the world: local, private encryption when data is on-site, SSL technology when transferring files, and AES-256-bit encryption when data is housed at an off-site location.
2. The minimum recommended backup standard is 3-2-1: 3 copies of your data stored on at least two different forms of media backed up in 1 additional location at least 1 time per day. Why is this so important? Because if your data is lost or compromised, you’ll have an updated version of it available for restoration or reinstallation. Many people think just one backup on an external hard drive or USB stick is enough—but all it takes is one coffee spill on a desk, one fire in an office, or one night out to threaten that single data backup. The 3-2-1 standard states that you should have an original version of your data, a local copy, and an off-site copy—or one hard drive in the office, one network-connected backup, and one cloud storage solution that balances accessibility with security. Each copy should be made at least once each day to maintain a recent record of data activity.
3. Don’t forget about disaster recovery, business continuity, and virtualization plans. The best data backup comes with a “set it and forget it” setting — your information is automatically backed up at least once a day without you having to lift a finger. Recovery plans should be tested and outlined in advance, and all protocols for maintaining operations should be in place well before an emergency strikes. This is particularly important during the summer when hurricanes threaten the East and Gulf Coasts, wildfires threaten the West Coast and Mountain West, and scorching temperatures can lead to power outages anywhere in North America.
4. Make sure you have the right partner by your side every step of the way. None of the steps outlined above are easy for small to medium-sized businesses to implement. That’s why CMIT Solutions offers reliable support and trusted advice for thousands of companies across the United States and Canada. We can help you select, purchase, and install software and hardware capable of withstanding any disaster. We pride ourselves on providing the best customer service in the IT industry, with a 24/7 help desk and deep bench of technical experts backed by nearly 250 independently owned offices. We provide the extensive knowledge needed to empower your employees and help your business succeed in challenging times, no matter what kind of cybersecurity threat you might face.
At CMIT Solutions, we believe in a proactive approach to cybersecurity and data protection. Instead of waiting for the inevitable breach or compromise to happen, we work around the clock to protect our clients and keep their companies safe. We understand the ongoing threat of data loss and we’re here to help you avoid it. Contact CMIT Solutions today to find out more.